The decentralized AI computing network Gnus.AI suffered a devastating security breach that resulted in approximately $1.27 million in losses, exposing critical vulnerabilities in cross-chain token bridge protocols and the dangers of compromised private communications. The exploit, which targeted the Genius (GNUS) token on the Fantom network, demonstrates how sophisticated attackers are combining social engineering with technical exploitation to drain liquidity from decentralized protocols.
The Exploit Mechanics
The attack began with unauthorized access to private Discord messages among Gnus.AI team members, according to statements from the project CEO known as “SuperGenius.” The attacker obtained the private key to a Gnus.AI team wallet, identified by its prefix 0x18, which controlled sensitive administrative functions for the token. Armed with this access, the attacker extracted the token salt data from Ethereum, a cryptographic component used in the token deployment process.
Using the Axelar bridge protocol, the attacker then created a malicious version of the GNUS token on the Fantom network. By leveraging the compromised salt data, the attacker minted 100 million counterfeit GNUS tokens on Fantom, which were subsequently bridged back to the Ethereum network. These fake tokens were then sold into the GNUS liquidity pool on Ethereum, exchanged for legitimate assets including Ether, causing a severe price crash and significant financial losses for existing token holders who saw their positions rapidly devalue.
Affected Systems
The exploit affected multiple layers of the Gnus.AI infrastructure. The Fantom-based GNUS token contract was compromised through the token minting mechanism. The Axelar cross-chain bridge was used as the attack vector for moving counterfeit tokens between networks. The Ethereum-based liquidity pools absorbed the selling pressure from the dumped fake tokens. Blockchain security firm CertiK estimated the total damage at approximately $1.27 million, making it one of the more significant exploits in the Fantom ecosystem during May 2024, when Bitcoin was trading around $69,122 and Ethereum near $3,737.
The broader impact extended beyond direct financial losses. GNUS token holders experienced a severe price crash as the counterfeit tokens flooded the market. The same day also saw a separate incident involving the $YON token on BNB Chain, which lost approximately 190 BNB worth around $118,000 through a separate vulnerability, highlighting that May 22, 2024 was a particularly active day for crypto exploits.
The Mitigation Strategy
In response to the attack, Gnus.AI announced a comprehensive compensation plan and token migration strategy. The team committed to depositing $500,000 worth of Ether into a liquidity pool for a new version of the GNUS token, along with an additional $500,000 in fees that were locked until February 2025. According to CertiK estimates, this compensation plan would cover roughly 80 percent of the losses suffered by token holders.
The team advised all users to stop purchasing the compromised GNUS token and announced the launch of a new token version with enhanced security measures. The migration process involved deploying fresh smart contracts with improved access controls and implementing additional safeguards around the token minting and bridge verification processes.
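One bridge-verification safeguard of the kind mentioned above, as an added example that is not Gnus.AI's or Axelar's code: a supply-invariant monitor that replays bridge events in order and flags remote-chain mints with no locked backing, plus home-chain releases larger than that backing. It assumes a lock-and-mint bridge model; the event fields, chain labels and sample transactions are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

HOME = "ethereum"  # assumed canonical (home) chain for the token


@dataclass(frozen=True)
class Event:
    chain: str   # chain the event was observed on
    kind: str    # "lock" | "release" on HOME, "mint" | "burn" on a remote
    remote: str  # remote chain the transfer goes to or comes from
    amount: int  # whole tokens
    tx: str      # constructed transaction label


def audit(events):
    """Replay events in order; return (tx, reason) for each invariant break."""
    locked = defaultdict(int)       # tokens held on HOME backing each remote
    circulating = defaultdict(int)  # wrapped supply live on each remote
    alerts = []
    for e in events:
        if e.chain == HOME and e.kind == "lock":
            locked[e.remote] += e.amount
        elif e.kind == "mint":
            circulating[e.remote] += e.amount
            if circulating[e.remote] > locked[e.remote]:
                alerts.append((e.tx, "unbacked mint on " + e.remote))
        elif e.kind == "burn":
            circulating[e.remote] -= e.amount
        elif e.chain == HOME and e.kind == "release":
            if e.amount > locked[e.remote]:
                alerts.append((e.tx, "release exceeds locked backing for " + e.remote))
            locked[e.remote] = max(0, locked[e.remote] - e.amount)
    return alerts


# Constructed sample: a normal round trip, then a 100 million mint with no lock.
SAMPLE = [
    Event("ethereum", "lock", "fantom", 5_000, "tx1"),
    Event("fantom", "mint", "fantom", 5_000, "tx2"),
    Event("fantom", "burn", "fantom", 2_000, "tx3"),
    Event("ethereum", "release", "fantom", 2_000, "tx4"),
    Event("fantom", "mint", "fantom", 100_000_000, "tx5"),
    Event("fantom", "burn", "fantom", 100_000_000, "tx6"),
    Event("ethereum", "release", "fantom", 100_000_000, "tx7"),
]

if __name__ == "__main__":
    for tx, reason in audit(SAMPLE):
        print(tx, reason)
```

Wired to a pause or rate-limit control, the first alert (the unbacked mint) fires before the counterfeit supply reaches the home-chain liquidity pool.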
Lessons Learned
The Gnus.AI exploit serves as a stark reminder that the weakest link in blockchain security is often human communication rather than smart contract code. Private Discord messages, despite the platform's encryption, remain vulnerable to compromise through phishing, credential theft, or insider threats. Teams managing significant treasury operations through platforms like Discord must implement additional layers of security verification.
Cross-chain bridge protocols, while essential for interoperability, introduce additional attack surfaces that malicious actors can exploit when administrative keys are compromised. The CertiK report from April 30, 2024, had noted a decrease in the frequency of such exploits, but the Gnus.AI incident demonstrated that the severity of individual attacks remains significant.
User Action Required
Investors holding GNUS tokens from the compromised contract should immediately stop trading the old token and follow official Gnus.AI channels for migration instructions. Users should verify all contract addresses before interacting with any new token deployment. For the broader crypto community, this incident reinforces the importance of verifying cross-chain bridge transactions, using hardware wallets for treasury management, and implementing multi-signature requirements for administrative functions. As the crypto market continues to grow with Bitcoin above $69,000, the incentive for attackers increases proportionally, making security vigilance more critical than ever.

discord compromise into private key extraction into cross-chain mint. that's a 3-step exploit chain and every single step was a basic opsec failure
every step was preventable. hardware key for team comms, salt rotation per chain, and multi-sig on admin wallets. basic stuff
1.27 million gone because someone had their private key accessible through discord messages. i can't even
the axelar bridge being the vector here is concerning. bridges are already the weakest link in crypto and this just adds another layer of trust assumptions
the salt reuse across chains is the real vulnerability here. same deployment parameters on fantom made the counterfeit trivial to create
CEO goes by SuperGenius and stores private keys in discord dms. you literally can't make this stuff up
supergenius storing private keys in discord dms should be a case study in what not to do. 2024 and teams still haven't learned basic opsec