Hackers exploited Grim Finance’s vault contract via five reentrancy loops. Grim Finance then immediately paused all vaults to prevent fund transfers to the hacker’s address.
Amid a series of DeFi hacks, decentralized finance (DeFi) project Grim Finance suffered a $30 million exploit. The hackers stole $30 million worth of Fantom (FTM) tokens. The Grim Finance developers tweeted about it on Sunday, noting:
“We inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker's address has been identified with over 30 million dollars worth of theft here. The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”
According to reports, the hack was an “advanced attack” in which the hacker exploited the protocol’s vault contract via five reentrancy loops. This allowed the hacker to fake five additional deposits into the vault while the platform was still processing the first deposit.
To minimize the risk to further funds, Grim Finance also paused all vaults. It also said: “We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds immediately.”
Built on the Fantom Opera Network, Grim Finance allows users to stake their liquidity pool tokens in Grim Vaults. It also helps them automatically harvest yields and re-stake rewards, using strategies aimed at even higher yields.
Thus, Grim positions itself as a “compounding yield optimizer” built atop the DeFi-focused blockchain protocol Fantom. It also allows users to stake liquidity provider tokens by employing complex vault strategies.
DeFi Project Grim Finance Faces the Heat
Soon after the hack, Grim Finance notified the entities involved in operating major cryptocurrencies, such as Circle (USDC) and DAI, as well as the cross-chain protocol AnySwap. It also notified them of the hacker's address to prevent further fund transfers.
According to Fantom Blockchain Explorer data, Grim Finance Exploiter continued transacting on December 19. One of the addresses associated with the exploit was holding $1.2 million in Bitcoin and $1.7 million in SpookyToken, along with $13,700 in FTM tokens.
Grim Finance faced the heat as some in the crypto community also suggested that the platform should be held responsible for failing to adopt proper reentrancy protection tools. DeFi security platform Rugdoc.io also argued that the protocol gave the user “more privilege than is necessary”.
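The nested deposits described earlier and the reentrancy protection the critics refer to, shown as an added Python model that is not Grim Finance's contract code. It assumes a vault that credits a deposit from the change in its balance around an external call; every class and function name is hypothetical.

```python
class ReentrancyError(Exception):
    """deposit() was entered while another deposit was still in progress."""


class Vault:
    def __init__(self, guarded):
        self.guarded = guarded  # True = reentrancy guard enabled
        self.locked = False
        self.pool = 0           # tokens the vault really holds
        self.shares = 0         # deposits credited to the caller

    def deposit(self, amount, callee):
        if self.guarded and self.locked:
            raise ReentrancyError("deposit re-entered")  # on-chain: revert
        self.locked = True
        try:
            before = self.pool
            callee.pull(self, amount)          # external call before accounting
            self.shares += self.pool - before  # credit = observed balance change
        finally:
            self.locked = False


class Callee:
    """Constructed test double: calls back into deposit() `reentries` times,
    then moves the tokens once."""
    def __init__(self, reentries):
        self.remaining = reentries

    def pull(self, vault, amount):
        if self.remaining > 0:
            self.remaining -= 1
            vault.deposit(amount, self)  # nested call, first deposit unfinished
        else:
            vault.pool += amount         # the only real transfer


def run(guarded, reentries, amount=100):
    """Return (credited, really_held, rejected) for one top-level deposit."""
    vault = Vault(guarded)
    try:
        vault.deposit(amount, Callee(reentries))
        rejected = False
    except ReentrancyError:
        rejected = True
    return vault.shares, vault.pool, rejected


if __name__ == "__main__":
    for guarded in (False, True):
        print("guarded" if guarded else "unguarded", run(guarded, reentries=5))
```

Without the guard, one real deposit of 100 is credited six times: the first deposit plus five nested ones. With the guard, the nested call is rejected and nothing is credited.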
The rising popularity of DeFi has seen an equal surge in the number of exploiters. In the recent past, there have been a number of such exploits in DeFi.