The real-world asset tokenisation protocol Grand Base (GB), which operates on Coinbase's layer-2 blockchain and launched less than five months ago, has incurred losses totalling $2 million following a compromise of its private key.
According to blockchain analytics firm PeckShield, the leak of the private key led to the theft of $1.7 million in tokens from its liquidity pools, which were subsequently exchanged on-chain for Ether and transferred to an external address.
#PeckShieldAlert Private Key leak? @grandbase_fi
The stolen token has been swapped for ~527 $ETH (~$1.7m) & bridged them to #Ethereumpic.twitter.com/DQYFEECrNN
— PeckShieldAlert (@PeckShieldAlert) April 15, 2024
a
Concurrently, the protocol’s native token experienced a 99% decline in value over the past 24 hours as a consequence of the incident.
On Telegram, a Grand Base admin emphasized that:
"… this token contract is NOT safe anymore and you should NOT swap or interact with it, stay safe. We will update you asap on the next step."
In a subsequent analysis by blockchain analytics firm CertiK, it was revealed that the hacker had seized control of Grand Base deployer contracts, enabling the unauthorised minting and withdrawal of an excessive number of GB tokens.
Thereafter, it was confirmed that the stolen funds totalled $2 million.
As the situation unfolded, Grand Base's management announced ongoing efforts to monitor the hacker's wallets and collaborate with centralised exchanges to prevent any further fund recovery attempts.
They added:
"We are in talks with CEXs [centralised exchanges] to freeze any funds that he might move…The team is working round the clock to address the security breach and minimise any further risk to our users."