Binance Alpha's rising star GriffinAI encountered a "black swan" event just half a day after its launch. Its token GAIN's price nearly zeroed out due to malicious inflation, plunging the project into "rug pull" suspicions and causing an uproar within the community.

On the evening of September 24, the highly anticipated Web3 AI project GriffinAI made its debut on Binance Alpha. Its token GAIN performed well initially, reaching a high of $0.2764 and subsequently stabilizing around $0.16. However, the good times were short-lived. Merely 12 hours after launch, the project suffered a severe security incident: an attacker exploited a configuration vulnerability to maliciously mint 5 billion GAIN tokens and conducted a concentrated sell-off. This caused the token price to plummet over 97% within an hour, hitting a low of $0.004185. At the time of writing, the GAIN price remains stagnant at a low level around $0.0195.

Dramatically, during the price crash, an address bought the dip heavily near the bottom. According to monitoring, an address starting with 0x951 purchased $20,200 worth of GAIN at an average price of $0.00625, realizing an unrealized profit of as high as $107,000 within an hour. Concurrently, many community investors also attempted to buy the dip, prompting a slight price rebound. However, crypto KOL "Marktowin" issued a warning on Binance Square, stating that the project team had abandoned the project, and buying the dip would face greater risks, predicting its "lifecycle to be less than 24 hours."

The GriffinAI team released a statement 4 hours after the incident, explaining that the attacker bypassed cross-chain validation mechanisms by setting up an unauthorized LayerZero endpoint to maliciously mint a massive amount of GAIN tokens on the BNB Chain. The project team has taken emergency measures, requesting exchanges to suspend trading, deposits, and withdrawals of GAIN on the BNB Chain and removing official liquidity. However, the announcement did not propose specific recovery or compensation plans, sparking strong dissatisfaction within the community.

It is worth noting that after selling 150 million GAIN for a profit of approximately $3 million, the malicious minter's address has cross-chain transferred the funds to multiple networks via deBridge and has begun moving ETH into the mixer Tornado Cash, significantly increasing the difficulty of fund recovery. 23pds, Chief Information Security Officer at SlowMist, pointed out that once funds enter Tornado Cash, recovery becomes exceptionally difficult.

Within the community, suspicions persist over whether the "hack" was orchestrated by the project team itself. Some believe the so-called attack was likely an inside job. Security firm GoPlus also analyzed that the attacker could be an insider or gained control through social engineering of a team member. Furthermore, investors are also pointing fingers at Binance Alpha, questioning its project review mechanism. Previously, MYX, another project from the Binance Alpha series, was embroiled in an "airdrop scam" controversy. This incident further damages user trust in Binance Alpha.

If GriffinAI wishes to regain community trust, the top priority is to transparently collaborate with exchanges to freeze the attacker's address, fix the cross-chain vulnerability, and introduce substantive compensation plans, such as a 1:1 token migration. Binance Alpha also urgently needs to strengthen project code audits and team background checks to prevent similar risks from recurring. Otherwise, GriffinAI will likely be doomed as a "short-lived project," and Binance Alpha's reputation will continue to suffer.