DeFi Platform Grim Finance Hacked, Lost $30 Million in Crypto

Monday, 20/12/2021 | 13:37 GMT by Arnab Shome
  • The attack was an advanced one as the attackers exploited the vault strategy.
  • The project urged users to withdraw all funds.
cybersecurity

Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool had $30 million worth of fantom tokens siphoned off, the platform officially confirmed.

“The attackers' address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”

Grim Finance was built on the top of the Fantom Opera network and allows users to stake their liquidity pools, thus harvesting yields and re-staking rewards. These strategies have become popular as they provide even higher yields.

The DeFi protocol attracted deposits of more than $100 million that are stored as the total value locked (TVL), according to the analytics tool, DeFiLlama.

An Advanced Attack

The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.

As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and have urged users to ‘IMMEDIATELY’ withdraw all funds.

“The exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk,” the developers detailed.

Moreover, they have contacted and notified USD Coin issuer Circle, AnySwap and Maker to block the hackers' addresses and freeze the funds.

DeFi evolved from blockchain as the true challenger of the existing banking industry but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million and has already refunded most of the victims. Another platform Cream Finance suffered three attacks within the last few months, losing more than $192 million worth of cryptocurrencies.

Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool had $30 million worth of fantom tokens siphoned off, the platform officially confirmed.

“The attackers' address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”

Grim Finance was built on the top of the Fantom Opera network and allows users to stake their liquidity pools, thus harvesting yields and re-staking rewards. These strategies have become popular as they provide even higher yields.

The DeFi protocol attracted deposits of more than $100 million that are stored as the total value locked (TVL), according to the analytics tool, DeFiLlama.

An Advanced Attack

The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.

As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and have urged users to ‘IMMEDIATELY’ withdraw all funds.

“The exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk,” the developers detailed.

Moreover, they have contacted and notified USD Coin issuer Circle, AnySwap and Maker to block the hackers' addresses and freeze the funds.

DeFi evolved from blockchain as the true challenger of the existing banking industry but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million and has already refunded most of the victims. Another platform Cream Finance suffered three attacks within the last few months, losing more than $192 million worth of cryptocurrencies.

About the Author: Arnab Shome
Arnab Shome
  • 6534 Articles
  • 87 Followers
About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.
  • 6534 Articles
  • 87 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}