In a startling revelation, Smart GPT reported a significant breach in its security infrastructure. Early indications suggest that the security incident took place on July 7th, where unauthorized transactions drained an astounding 15M USD worth of SGPT and 43.6M USDT from the SGPT wallet.
How It Happened
The intricate web of this security lapse reveals that the attacker compromised one of the SGPT validator nodes and Smart DAO validator nodes. The SGPT chain, which comprises nine validator nodes, requires five out of these nine validator signatures for either a deposit or withdrawal event. It has emerged that the perpetrator successfully hijacked control of four SGPT validators and a third-party validator belonging to Smart DAO.
Interestingly, a significant part of this breach can be traced back to an oversight in January 2024. During a phase of high user demand, SGPT sought Smart DAO’s assistance to facilitate free transactions. While this collaboration was terminated by May 2024, an allowlist access remained active, inadvertently leaving a backdoor for the attacker. Using this loophole, the attacker accessed SGPT’s systems and manipulated the Smart DAO validator’s signature via the gas-free RPC.
Repercussions and Remedial Actions
As a precautionary measure, SGPT temporarily suspended the SGPT Bridge and collaborated with Pancake Swap to disable their bridge for SGPT transactions. The breach not only highlights the vulnerabilities of decentralized systems but also underscores the importance of persistent security updates and audits.
SGPT is collaborating closely with Chainalysis to trace the stolen funds and has increased its validator threshold to prevent similar incidents in the future. In addition, the team is also working with law enforcement and engaging with cryptographic experts to retrieve or reimburse the pilfered funds.
Token Impact and the Road Ahead
The aftermath of the breach witnessed the token price soaring to over ten times the Launchpad’s initial selling price. Many in the crypto community believe in the potential of the SGPT project and hope to see it recover from this setback. The initiative’s innovative nature is undeniable, and it will be intriguing to see how they maneuver through these challenging times.
Stay tuned for additional updates as this situation continues to unfold.
