Deng Tong, Jinse Finance
On September 25, 2025, the GriffinAI team announced that the GAIN token on the BNB blockchain had suffered a major security incident. Following the attack, GAIN's price plummeted, reaching $0.02693 as of press time, a 24-hour drop of 86.9%.

This article reviews the GAIN token attack, analyzes the causes of the theft, and explores its impact.
I. Review of the GAIN Token Attack
The GriffinAI team published a post reviewing the GAIN token attack:
A few hours ago, GAIN (BNB chain) experienced an unusual minting and sell-off, causing a significant price drop.
Our investigation confirmed the cause:
- The introduction of an unauthorized LayerZero peer node setup.
- The attacker deployed a forged Ethereum contract ($TTTTT, located at 0x7a8caf). They then added it as a LayerZero peer node for the GAIN Ethereum endpoint (instead of the official ETH token at 0xccdbb9). Using this fake peer node, they minted 5 billion GAIN on the BNB chain and began dumping it on-chain. By deploying fake Ethereum contracts and manipulating the LayerZero peer settings, the attacker successfully minted 5 billion GAIN tokens on the BNB chain and then dumped them, causing a significant drop in the price of the token.
The attacker's wallet address (0xf3d173...58db2) has been identified and still holds a significant amount of the over-issued tokens. The GriffinAI team is conducting further investigation.

GriffinAI officially stated on social media: Regarding the current developments regarding the GAIN token, the team is investigating the issues and will release a detailed announcement once more information is available.

A few hours later, GriffinAI issued another statement: The official GAIN liquidity pool on the BNB chain has been removed to protect user security, and users are cautioned against interacting with any liquidity pools created by the attacker, as these are unofficial and pose risks. They also stated that GAIN on Ethereum was not affected and that further updates would be released later.

According to PeckShieldAlert monitoring, the GriffinAI attacker deposited 700 ETH into Tornado Cash, worth approximately US$2.86 million.

GriffinAI has officially requested all exchanges to suspend trading, deposits, and withdrawals of $GAIN (BSC) tokens. This measure aims to prevent attackers from conducting transactions and protect community assets.

Binance issued an official announcement: Due to the significant volatility in the TVL and price of the GriffinAI (GAIN) token, Binance Alpha has removed its 4x Alpha trading volume bonus at 8:00 AM (UTC+8) on September 25th to protect user rights.

According to on-chain analyst Aunt Ai (@ai9684xtpa), a trader purchased $20,200 worth of GAIN at an average price of $0.00625, resulting in a floating profit of $107,000 in an hour, a return of 530%. No selling has been initiated yet.

The GoPlus Chinese community stated on social media that the unusual GAIN minting may be due to unauthorized LayerZero peer initialization and malicious exploitation, similar to the recent Yala attack. The attacker (possibly an insider or through social engineering of project members) initialized an additional LayerZero peer on ETH and minted TTTTT. By exploiting a misconfigured peer, they bypassed cross-chain verification and minted 5 billion GAIN on BSC.

III. What is GriffinAI?

The GriffinAI project was founded by Oliver Feldmeier in Switzerland in May 2024. GriffinAI is a decentralized protocol dedicated to building a decentralized platform that facilitates effective collaboration between AI agents and individuals to create value within a secure, permissionless framework.

Development of the GriffinAI project's first AI agent prototype began in the summer of 2024, focusing on the DeFi investment experience. The team has begun developing three distinct AI agents: a research analyst, a trade execution manager, and a risk manager. The research analyst agent prototype, launched in October 2024 under the ELANN.AI brand, aggregates and evaluates news. In January 2025, the team leveraged multilingual natural language processing technology to launch the first localized version of Elann.AI for the Korean market and established a partnership with Bithumb, South Korea's second-largest exchange. GriffinAI's native token is GAIN.

IV. Impact of the GAIN Theft

1. GAIN Plummets Over 90%

GAIN was listed on exchanges like Binance, Huobi, and Gate yesterday, and it was hacked today. While the market remained cautious, 5 billion illegally minted GAIN tokens were sold off en masse, triggering a panic sell-off. The GAIN token price plummeted by over 90%, severely impacting its subsequent price support.

2. User and partner confidence has nearly eroded

The attacker's ability to easily breach defenses through "unauthorized LayerZero peer node setup" and "forged Ethereum contracts" demonstrates serious issues with the project's security audits and other aspects. Rumors abound in the comments section of official tweets, including speculation about insider involvement, raising questions among users about the project's technical capabilities and integrity. Furthermore, Binance has already removed GAIN's 4x Alpha volume bonus, and major exchanges should be urged to halt GAIN trading. If the team fails to provide a satisfactory response, user and partner confidence in the project will be nearly zero.

3. Re-examining the security of cross-chain protocols

On September 14th, the Yala protocol was hacked, depegging the stablecoin YU. Just ten days later, GAIN was attacked. Both hacks were carried out by manipulating cross-chain protocol settings.

In the Yala attack, hackers exploited a temporary deployment key used during the authorized cross-chain bridge deployment to set up an unauthorized cross-chain bridge, minting 120 million YU tokens on the Polygon chain. These tokens were then bridged to Ethereum and Solana and sold for 7.7 million USDC, temporarily depegging the YU token. On September 17th, Yala announced a solution: the illegally minted YU tokens will be destroyed on September 23rd, restoring a 1:1 USDC exchange rate. Users who suffered liquidation losses due to the depegging will also be compensated, and the company is working with law enforcement to track down the hackers.

In the GAIN theft incident, the attacker introduced an unauthorized LayerZero peer node setup, deployed a fake Ethereum contract, and added it as a LayerZero peer node for the GAIN Ethereum endpoint. Using this fake peer node, they minted 5 billion GAIN on the BNB chain and then sold them, causing the GAIN price to plummet.
The two hacker attacks will make some users and project owners more cautious about choosing cross-chain protocols, and may even cause them to re-evaluate the security of cross-chain protocols like LayerZero.
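
A defensive check for the peer misconfiguration described above, as an added example that is not part of the original article or GriffinAI's code. It assumes the token is a LayerZero V2 OApp that emits `PeerSet(uint32 eid, bytes32 peer)` on every peer change; all addresses, transaction ids and log records are constructed placeholders, and the function names are hypothetical.

```python
# Added example: audit LayerZero peer changes against an approved allowlist.
# Assumption: a LayerZero V2 OApp emitting `PeerSet(uint32 eid, bytes32 peer)`;
# both fields are non-indexed, so the log data is two 32-byte ABI words.
ETHEREUM_EID = 30101  # LayerZero V2 endpoint id for Ethereum mainnet

# Constructed placeholders, NOT the contract addresses from the incident.
OFFICIAL_ETH_TOKEN = "0x" + "11" * 20
ROGUE_CONTRACT = "0x" + "22" * 20
ALLOWED_PEERS = {ETHEREUM_EID: {OFFICIAL_ETH_TOKEN}}  # approved peers per eid

def decode_peer_set(data_hex):
    """Decode PeerSet log data into (eid, peer)."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    if len(raw) != 64:
        raise ValueError("PeerSet data must be exactly 64 bytes")
    if any(raw[:28]):
        raise ValueError("eid word has non-zero padding")
    eid = int.from_bytes(raw[28:32], "big")
    peer = raw[32:]
    # EVM peers are 20-byte addresses left-padded to bytes32; others stay raw.
    return eid, "0x" + (peer if any(peer[:12]) else peer[12:]).hex()

def audit_peer_logs(logs, allowed=ALLOWED_PEERS):
    """Return one alert per PeerSet log whose peer is not on the allowlist."""
    alerts = []
    for log in logs:
        try:
            eid, peer = decode_peer_set(log["data"])
        except ValueError as exc:
            alerts.append({"tx": log["tx"], "reason": f"undecodable: {exc}"})
            continue
        if peer not in allowed.get(eid, set()):
            alerts.append({"tx": log["tx"], "eid": eid, "peer": peer,
                           "reason": "peer not in allowlist"})
    return alerts

def encode_sample(eid, address):
    """Build constructed PeerSet log data for the sample records below."""
    return "0x" + eid.to_bytes(32, "big").hex() + address[2:].rjust(64, "0")

SAMPLE_LOGS = [  # constructed records, already filtered to PeerSet events
    {"tx": "0xaaa", "data": encode_sample(ETHEREUM_EID, OFFICIAL_ETH_TOKEN)},
    {"tx": "0xbbb", "data": encode_sample(ETHEREUM_EID, ROGUE_CONTRACT)},
    {"tx": "0xccc", "data": "0x1234"},  # truncated data
]

if __name__ == "__main__":
    for alert in audit_peer_logs(SAMPLE_LOGS):
        print(alert)
```

Run against the sample, the official peer passes silently, while the unapproved peer and the malformed record each raise an alert.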
Summary
The GAIN token plummeted over 90% upon launch, and its price trend is unlikely to recover in the short term. Whether the project can provide a satisfactory compensation plan for investors and quickly implement technical improvements will affect the project's future progress. If this crisis cannot be effectively resolved, and further negative information detrimental to the project's development continues, GAIN risks being completely abandoned by investors.