Griffin AI promises to allow customers to "build, deploy, and scale autonomous AI agents for crypto finance". These are essentially AI-powered bots that perform various functions — some of Griffin's advertised examples include a "robo-adviser" to provide "tailored investment strategies", and bots to do arbitrage trading or manage staked assets.
Griffin AI exploited for $3 million one day after launch
One day after Griffin AI launched its GAIN token on Binance Alpha, an attacker minted 5 billion fake GAIN tokens on the Ethereum blockchain, then exploited a cross-chain endpoint to trick the bridge to the Binance chain into recognizing them as the real thing. The attacker was only able to sell a small fraction of their tokens, but they made off with approximately $3 million as the token plunged in price. According to CEO Oliver Feldmeier, the exploit was enabled by "a misconfigured layer Zero (cross-chain messaging) set-up and compromised key".
Tsotchke "quantum-enhanced AI" crypto project appears to be based on lies
A project called "Tsotchke" has convinced a lot of people to buy up its token based on claims that it uses "spin-based quantum computing" to "enable quantum-enhanced AI at room temperature". However, cryptographers and quantum computer scientists have serious doubts about the claims made by the project's anonymous developers. "[If they] just said it was an advanced random number generator, it would be moderately accurate", remarked the CEO of a separate quantum/crypto crossover company. Another reviewer described the project as "primarily marketing language around a conventional PRNG."
Tsotchke's developers have reacted as any reputable scientists would to those questioning their lofty claims: "Disrespect me again and you're gone", threatened someone in charge of the project's Twitter account.
UniLend exploited for almost $200,000
The UniLend project, which advertises itself as a "unified platform for all things AI and defi", was exploited for almost $200,000. An attacker was able to take advantage of a bug in a smart contract that handled token redemption.
UniLend acknowledged the hack, downplaying it as affecting "only" 4% of the platform's $4.7 million TVL. They offered a bounty to the attacker.
Bittensor wallets drained
Some users of the Bittensor wallet software suffered wallet drains as thieves emptied their cryptocurrency wallets of the project’s TAO token. Around 32,000 TAO, notionally worth around $8 million, was siphoned. Although blockchain sleuth zachxbt hypothesized that the attack may have been thanks to a private key leak, Bittensor later claimed that affected users had in fact been compromised by a malicious Bittensor package that had been uploaded to Python's PyPi package manager. It's not yet clear how the malicious package made it onto the package manager.
Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.
- "Bittensor Community Update — July 3, 2024", Opentensor Foundation [archive]
GNUS.ai exploited for $1.27 million
An exploiter was able to create a fake version of the $GNUS token on the Fantom blockchain, then bridge the tokens to Ethereum and Polygon where they were then sold as though they were authentic. They were able to drain $1.27 million from the project's liquidity pools.
GNUS.ai (short for "Genius", not a reference to the animal) is one of many AI-related blockchain projects that has sprung out of the recent AI hype. This particular one promises to allow people to "utiliz[e] unused cycles" on various computing devices for computation-intensive AI systems, using cryptocurrency for payments.
Wilder World game suffers $1.8 million theft, blames contractor
Wilder World is a blockchain-based racing game that uses all the buzzwords: blockchains, artificial intelligence, and metaverse. On March 16, someone with access to the project deployer's private key upgraded legacy contracts and transfer the project's $WILD and $MEOW tokens to themselves. Altogether, the attacker profited 515 ETH (~$1.8 million), which they then laundered through the Tornado Cash cryptocurrency tumbler.
The project blamed the theft on a previous contractor who had the private key. They also explained that the attacker seemed to be a developer based on the fact that they had "specialized knowledge of ZERO's internal security systems".
NFPrompt discloses hack
A Binance-incubated platform called NFPrompt claims to be "the first Prompt Artist Platform in Web3" — with "prompt artist" referring to people who come up with prompts to feed into large language models. More succinctly, it's a platform to sell the NFTs you've made out of AI-generated images.
The platform announced on March 15 that it had suffered a "critical security incident" that it attributed to "a group of hackers" who were able to gain access to funds belonging both to the project's users and the project itself. They did not disclose how much was taken.
The project announced that it was working with the FBI, and had contacted centralized exchanges to ask them to freeze stolen funds.
Mozaic exploited for $2 million, recovers 90%
The "AI-optimized" defi project Mozaic Fi was exploited by an attacker who drained around $2 million in funds from the project.
According to MozaicFi, the theft had been perpetrated by a rogue developer who was able to gain access to a private key held by a core team member. They also claimed that a simultaneous large sale of the Mozaic token resulted in cascading liquidations.
In good news for the project, the attacker moved around 90% of the stolen funds to MEXC, a centralized cryptocurrency exchange that was able to freeze the thief's access to the funds.
"The AI Protocol" burns tokens after holder suffers $4.3 million theft
Someone who held over 111.6 million ALI tokens from a project called The AI Protocol was phished by someone using a wallet drainer service using a permit phishing technique. The tokens were priced at around $4.3 million.
Blockchain sleuth zachxbt was able to coordinate with the project to organize a community governance vote to burn the stolen tokens before the attacker was able to cash out. Although this doesn't return the stolen funds to their original owner, it at least keeps the attacker from profiting.
Megabot exit scams for almost $750,000
The Megabot project rug pulled, stealing $742,000 from those who bought in to the project's presale. The majority of the money — around $692,000 — was stolen on the Solana network.
Megabot had advertised itself as an AI trading bot that would earn users "up to 30% monthly". The team had promised that the bot would perform trades while "sidestepping potential risks such as honeypots, rugs, and slow rugs".
"No one will be able to rug you anymore", their website boasted. Ah, well.