On September 15, 2025, the AI-agent crypto project GriffinAI lost approximately $3 million when a bridge/mint vulnerability let an attacker mint GAIN tokens without corresponding backing and dump them into liquidity, collapsing the token. Partial recovery followed via exchange coordination and negotiation.
What happened
GriffinAI's cross-chain GAIN token bridge had a flaw allowing minting on the destination chain without a validated lock on the source — the canonical bridge fake-mint pattern (Qubit, Meter). The attacker minted and sold unbacked GAIN.
Aftermath
- Partial recovery; token severely damaged.
Why it matters
GriffinAI is a 2025 instance of the bridge unbacked-mint pattern attached to the year's hype theme (AI-agent tokens). It reinforces two catalogue constants: bridges remain the most structurally fragile DeFi component (mint-without-validated-lock is the recurring failure), and the hype theme is cosmetic — the bug is perennial. Whether the token is a DeFi 2.0 reserve coin (2021), a SocialFi share (2023), or an AI-agent token (2025), the bridge underneath fails the same way, for the same reason, with the same available-but-unapplied defense.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-griffinai-hack-september-2025
- [02]crypto.newshttps://crypto.news/griffin-ai-price-attacker-mints-5b-gain-tokens-2025/
- [03]rekt.newshttps://rekt.news/griffinai-rekt