$2 200 000 USD

DECEMBER 2024

GLOBAL

GEMPAD

DESCRIPTION OF EVENTS

"The Launchpad for everyone who wants to launch or invest in the best projects. GemPad offers unmatched support and most affordable fees in the industry."

 

"We have crafted an all-in-one platform, providing users with numerous features that can be used with no coding requirements. We offer an affordable, feature-rich launchpad with different types of Whitelists, Liquidity and Token Locks, Staking Pools along with other options as well as a huge investor base and a network of partners that offer any crypto related service you need."

 

"GemPad stands as a premier multi-chain decentralized launchpad and crowdfund, offering a cutting-edge platform for users and project owners to initiate their projects and tokens.

 

Leveraging the capabilities inherent in the ETH Diamond standard (EIP-2535), GemPad delivers a highly optimized decentralized application (dApp), positioning itself as a leader within the Web3 ecosystem."

 

"We support Seed Rounds, Private Sales, Partial Raises, Presales, Fair Launches, Hyper launches and Stealth Launches which no other launchpad out there supports at the moment. New addition to the list has been added on the 31st of January with the Evolution Update. GemPad now also supports Liner and OTC Sales."

 

"The attack was made possible due to the absence of nonReentrant protection in the GempadLock contract."

 

"The tokens affected were from three major chains – Ethereum, Base, and BNB Smart Chain. The GempadLock smart contract was the flawed entry point, due to lack for reentrancy protection.

 

The exploit happened despite the recent audit by Cyberscope. GemPad was even given a high security score, though the flaw was found within one function in one smart contract."

 

Most sources are around $2m USD for the loss. According to OKLink, losses are $2.2m USD. Other sources such as Rekt.news list the losses at $1.9m.

 

"Several projects watched helplessly as their supposedly secured assets slipped through GemPad's fingers, victims of DeFi's most notorious exploit pattern."

 

"BPay, Munch, Nutcoin, and others scrambled to calm their communities while GemPad raced to patch the vulnerability.

 

The protocol swiftly acknowledged the breach and began working with affected projects, but their stolen liquidity had already scattered across chains."

 

"As some of you may have noticed, an incident occurred last night where someone managed to breach our security locks.

 

We immediately contacted all of our partners and experts in the space to investigate and resolve the situation. The issue has now been fully identified and mitigated.

 

All other locks are now safe giving GemPad team time to push a complete contract upgrade.

 

Locker is temporarily unavailable until our next announcement.

 

Only a small number of projects were affected, and we can confidently assure you that this issue CAN NOT happen to any other projects launched through GemPad anymore, so all your funds, tokens and liquidity now are safe.

 

For all the projects that were affected, we are deeply sorry and we will contact them all and work with them.

 

We will provide further updates through official announcements as soon as we have more information. Until then, we ask for your patience and understanding allowing us to work on the matter.

 

Thank you for your trust and support."

 

"Our system has detected multiple suspicious transactions involving @TheGemPad!

 

It appears that an attacker breached @TheGemPad's security locks across multiple chains. The total loss is estimated to be close to $2M. The attacker drained digital assets from GemPad Lock and swapped them to $ETH, $BNB."

 

"Our team is still in shock from the events that unfolded yesterday. We take safety very seriously and we never imagined something like this could happen.

 

GemPad’s lock contracts have been thoroughly audited by two of the most reputable companies in the space, @Cyberscope_io and @SolidProof_io both confirming there were no risks on the contract.

 

Thanks to the swift intervention of a trusted cybersecurity company that reached out to us yesterday, the issue in the contract was identified very quickly, ensuring no further projects on GemPad are at risk. Out of over 3,000 projects launched or locked through us, 27 were affected yesterday. While any impact is deeply regrettable and should never happen, we are relieved the damages were not more extensive and proud of how fast our team acted to mitigate the issue.

 

Today, we will be holding an internal team meeting to finalize a plan for supporting the affected projects. Our top priority is recovering the stolen funds, and we are working closely with our partners and specialized cybersecurity firms, who are already on the case.

 

We deeply appreciate your understanding and support during this challenging time. Thank you for standing by us."

 

Explore This Case Further On Our Wiki

GemPad is a launchpad application for new projects, supporting a variety of different Seed Rounds, Private Sales, Partial Raises, Presales, Fair Launches, Hyper launches and Stealth Launches. Despite audits by both Cyberscope and Solidproof, the project still contained a reentrancy vulnerability and suffered a smart contract attack which draiend roughly $2m worth of funds. The impact was reportedly limited to 27 out of 3,000 projects who use the protocol, and the team has reportedly reached out to all affected protocols and to multiple blockchain authorities to assist with recovery.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.