QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$2 200 000 USD
DECEMBER 2024
GLOBAL
GEMPAD
DESCRIPTION OF EVENTS

"The Launchpad for everyone who wants to launch or invest in the best projects. GemPad offers unmatched support and most affordable fees in the industry."
"We have crafted an all-in-one platform, providing users with numerous features that can be used with no coding requirements. We offer an affordable, feature-rich launchpad with different types of Whitelists, Liquidity and Token Locks, Staking Pools along with other options as well as a huge investor base and a network of partners that offer any crypto related service you need."
"GemPad stands as a premier multi-chain decentralized launchpad and crowdfund, offering a cutting-edge platform for users and project owners to initiate their projects and tokens.
Leveraging the capabilities inherent in the ETH Diamond standard (EIP-2535), GemPad delivers a highly optimized decentralized application (dApp), positioning itself as a leader within the Web3 ecosystem."
"We support Seed Rounds, Private Sales, Partial Raises, Presales, Fair Launches, Hyper launches and Stealth Launches which no other launchpad out there supports at the moment. New addition to the list has been added on the 31st of January with the Evolution Update. GemPad now also supports Liner and OTC Sales."
"The attack was made possible due to the absence of nonReentrant protection in the GempadLock contract."
"The tokens affected were from three major chains – Ethereum, Base, and BNB Smart Chain. The GempadLock smart contract was the flawed entry point, due to lack for reentrancy protection.
The exploit happened despite the recent audit by Cyberscope. GemPad was even given a high security score, though the flaw was found within one function in one smart contract."
Most sources are around $2m USD for the loss. According to OKLink, losses are $2.2m USD. Other sources such as Rekt.news list the losses at $1.9m.
"Several projects watched helplessly as their supposedly secured assets slipped through GemPad's fingers, victims of DeFi's most notorious exploit pattern."
"BPay, Munch, Nutcoin, and others scrambled to calm their communities while GemPad raced to patch the vulnerability.
The protocol swiftly acknowledged the breach and began working with affected projects, but their stolen liquidity had already scattered across chains."
"As some of you may have noticed, an incident occurred last night where someone managed to breach our security locks.
We immediately contacted all of our partners and experts in the space to investigate and resolve the situation. The issue has now been fully identified and mitigated.
All other locks are now safe giving GemPad team time to push a complete contract upgrade.
Locker is temporarily unavailable until our next announcement.
Only a small number of projects were affected, and we can confidently assure you that this issue CAN NOT happen to any other projects launched through GemPad anymore, so all your funds, tokens and liquidity now are safe.
For all the projects that were affected, we are deeply sorry and we will contact them all and work with them.
We will provide further updates through official announcements as soon as we have more information. Until then, we ask for your patience and understanding allowing us to work on the matter.
Thank you for your trust and support."
"Our system has detected multiple suspicious transactions involving @TheGemPad!
It appears that an attacker breached @TheGemPad's security locks across multiple chains. The total loss is estimated to be close to $2M. The attacker drained digital assets from GemPad Lock and swapped them to $ETH, $BNB."
"Our team is still in shock from the events that unfolded yesterday. We take safety very seriously and we never imagined something like this could happen.
GemPad’s lock contracts have been thoroughly audited by two of the most reputable companies in the space, @Cyberscope_io and @SolidProof_io both confirming there were no risks on the contract.
Thanks to the swift intervention of a trusted cybersecurity company that reached out to us yesterday, the issue in the contract was identified very quickly, ensuring no further projects on GemPad are at risk. Out of over 3,000 projects launched or locked through us, 27 were affected yesterday. While any impact is deeply regrettable and should never happen, we are relieved the damages were not more extensive and proud of how fast our team acted to mitigate the issue.
Today, we will be holding an internal team meeting to finalize a plan for supporting the affected projects. Our top priority is recovering the stolen funds, and we are working closely with our partners and specialized cybersecurity firms, who are already on the case.
We deeply appreciate your understanding and support during this challenging time. Thank you for standing by us."
GemPad is a launchpad application for new projects, supporting a variety of different Seed Rounds, Private Sales, Partial Raises, Presales, Fair Launches, Hyper launches and Stealth Launches. Despite audits by both Cyberscope and Solidproof, the project still contained a reentrancy vulnerability and suffered a smart contract attack which draiend roughly $2m worth of funds. The impact was reportedly limited to 27 out of 3,000 projects who use the protocol, and the team has reportedly reached out to all affected protocols and to multiple blockchain authorities to assist with recovery.
Rekt - GemPad - Rekt (Dec 20)
@OKLink Twitter (Dec 20)
@OKLink Twitter (Dec 20)
Ethereum交易哈希0x7b67...1dd02a | 区块链浏览器 | OKLink (Dec 20)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 20)
@CyversAlerts Twitter (Dec 20)
audits/gempad/audit.pdf at main · cyberscope-io/audits · GitHub (Dec 20)
Projects/2024/Gempad_LockV2/SmartContract_Audit_Solidproof_Gempad_LockV2.pdf at main · solidproof/Projects · GitHub (Dec 20)
@TheGemPad Twitter (Dec 20)
@TheGemPad Twitter (Dec 20)
The Gem Pad token launchpad has been exploited for $2M on multiple chains (Dec 20)
Introducing GemPad | GemPad - The Launchpad For You (Dec 20)
