Grand Base Private Key Rug
Grand Base, an RWA project on Base, lost $2M after its deployer key was compromised or abused; the attacker minted unlimited GB and drained the liquidity pool.
- Date
- Victim
- Grand Base
- Chain(s)
- Status
- Funds Stolen
On April 9, 2024, the Base-chain real-world-asset project Grand Base lost approximately $2 million after its deployer/admin key was compromised (or abused). The attacker minted an unlimited supply of GB tokens and drained the GB liquidity pool, collapsing the token. The on-chain pattern was indistinguishable between external key theft and an insider exit.
What happened
Grand Base's token contract retained privileged mint authority on a single key. Whoever controlled that key minted vast GB supply and sold it into the GB/WETH pool, extracting ~$2M of real value and zeroing the token.
Aftermath
- Project effectively ended; no recovery.
- The "compromise vs. insider rug" ambiguity was never definitively resolved.
Why it matters
Grand Base sits at the catalogue's recurring "key compromise or insider rug — indistinguishable on-chain" boundary, alongside Snowdog and Multichain. The structural risk is identical regardless of intent: a single key with unlimited mint authority is a loaded weapon pointed at every holder. Whether the trigger is pulled by a thief or the founder, the holders' loss is the same. The only defence is on-chain — renounced or multi-sig-timelocked mint authority — and its absence is the single most important red flag a token holder can check, and the one most consistently ignored during a hype window.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-grand-base-hack-april-2024
- [02]crypto.newshttps://crypto.news/base-hack-defi-network/
- [03]rekt.newshttps://rekt.news/grand-base