Griffin AI, Nemo, BetterBank: $10.6M Lost to Trust Misconfig, Write-Mode Logic, and Fake Pool Exploits
Three exploits, same lesson: implicit trust kills. Griffin AI blindly trusted a peer that didn’t exist. Nemo’s dev let a read function mutate state. BetterBank handed out rewards to anything pretending to be a pool. Cross-chain, DEX, or rewards logic — it’s all insecure until proven otherwise.
In Brief
Griffin AI lost $3M after a misconfigured LayerZero peer.
Nemo lost $2.6M after a function accidentally updated pool state and let an attacker mint tokens.
BetterBank lost $5M after a bonus mint function failed to verify liquidity pairs, enabling fake-pool payouts.
Hacks Analysis
Griffin AI | Amount Lost: $3M
On September 25th, the Griffin AI exploit on BSC resulted in a $3M loss caused by a misconfigured LayerZero peer connection that allowed unauthorized minting. LayerZero is a cross-chain bridge protocol that allows linking two contracts (peers) on different networks. The attacker deployed a fake Ethereum contract and added it as the peer for GAIN’s Ethereum endpoint. Because of this, the BSC contract trusted messages coming from the attacker’s fake contract and minted 5B GAIN tokens. Griffin AI acknowledged the breach but did not clarify whether it was due to an admin key compromise or an accidental misconfiguration. The team paused transactions shortly after the exploit.
Transaction (on BSC): 0xa85b18bdbd32fbe5468de38032f7f2717faaad663d33991b2c71ce0b3892e866
Nemo | Amount Lost: $2.6M
On September 7th, the Nemo exploit on SUI resulted in a $2.6M loss. The root cause of the exploit was a logic vulnerability in the get_sy_amount_in_for_exact_py_out() function. This function was meant to be read-only, but by mistake it also updated internal state. In their post-mortem, Nemo confirmed that the function was designed to improve swap price quotes and reduce user slippage, but one of their developers accidentally made it modify pool balances. The attacker repeatedly called this function to distort prices inside the pool, then minted and withdrew large amounts of SY tokens.
Exploited Contract (on Sui): 0xcf34697ad898bb0f96b2750653208150d89ead6bf224549bebc2b6654e5c5204
BetterBank | Amount Lost: $5M
On August 27th, the BetterBank exploit on PulseChain resulted in a $5M loss. The root cause of the exploit was that the swapExactTokensForFavorAndTrackBonus() function called a reward function that minted bonus tokens but didn’t check whether the trade came from an approved liquidity pair. The attacker created fake liquidity pools using FAVOR and performed repeated bulk swaps, triggering massive bonus payouts without paying the normal tax.
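The bug class above, shown as an added illustration that is not BetterBank’s code: a bonus hook that mints for any caller, beside a version that only honours pairs an admin has allowlisted and that the canonical factory actually created. Contract and function names (BonusTracker, notifySwap, IFavor, IPairFactory) and the 5% bonus rate are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical reconstruction of the vulnerable pattern and one hardening; not BetterBank's code.
interface IFavor { function mint(address to, uint256 amount) external; }
interface IPairFactory { function getPair(address a, address b) external view returns (address); }
interface IPair {
    function token0() external view returns (address);
    function token1() external view returns (address);
}

contract BonusTracker {
    IFavor public immutable favor;
    IPairFactory public immutable factory;
    address public immutable owner;
    mapping(address => bool) public approvedPair; // explicit allowlist of bonus-eligible pools
    uint256 public constant BONUS_BPS = 500;      // assumed 5% bonus on FAVOR received

    constructor(IFavor _favor, IPairFactory _factory) {
        favor = _favor; factory = _factory; owner = msg.sender;
    }

    // Admin registers a pool; even then it must be a real factory pair containing FAVOR.
    function setApprovedPair(address pair, bool ok) external {
        require(msg.sender == owner, "not owner");
        require(_isCanonicalFavorPair(pair), "not a factory FAVOR pair");
        approvedPair[pair] = ok;
    }

    // VULNERABLE shape: anything that calls this (a fake pool, a plain EOA via a helper
    // contract) gets bonus FAVOR minted for the "trader" it names.
    function notifySwapUnsafe(address trader, uint256 favorOut) external {
        favor.mint(trader, favorOut * BONUS_BPS / 10_000);
    }

    // HARDENED: the caller must be an allowlisted pair that the canonical factory created.
    // The factory check alone is not enough: an attacker can create a genuine factory pair
    // of FAVOR against a worthless token, so the allowlist is the control that matters.
    function notifySwap(address trader, uint256 favorOut) external {
        require(approvedPair[msg.sender], "pair not approved");
        require(_isCanonicalFavorPair(msg.sender), "pair not canonical");
        favor.mint(trader, favorOut * BONUS_BPS / 10_000);
    }

    function _isCanonicalFavorPair(address pair) internal view returns (bool) {
        address t0 = IPair(pair).token0();
        address t1 = IPair(pair).token1();
        if (t0 != address(favor) && t1 != address(favor)) return false;
        return factory.getPair(t0, t1) == pair;
    }
}
```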
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.