Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool had $30 million worth of fantom tokens siphoned off, the platform officially confirmed.

“The attackers' address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”

Grim Finance was built on the top of the Fantom Opera network and allows users to stake their liquidity pools, thus harvesting yields and re-staking rewards. These strategies have become popular as they provide even higher yields.

The DeFi protocol attracted deposits of more than $100 million that are stored as the total value locked (TVL), according to the analytics tool, DeFiLlama.

An Advanced Attack

The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.

As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and have urged users to ‘IMMEDIATELY’ withdraw all funds.

“The exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk,” the developers detailed.

Moreover, they have contacted and notified USD Coin issuer Circle, AnySwap and Maker to block the hackers' addresses and freeze the funds.

DeFi evolved from blockchain as the true challenger of the existing banking industry but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million and has already refunded most of the victims. Another platform Cream Finance suffered three attacks within the last few months, losing more than $192 million worth of cryptocurrencies.

Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool had $30 million worth of fantom tokens siphoned off, the platform officially confirmed.

“The attackers' address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”

Grim Finance was built on the top of the Fantom Opera network and allows users to stake their liquidity pools, thus harvesting yields and re-staking rewards. These strategies have become popular as they provide even higher yields.

The DeFi protocol attracted deposits of more than $100 million that are stored as the total value locked (TVL), according to the analytics tool, DeFiLlama.

An Advanced Attack

The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.

As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and have urged users to ‘IMMEDIATELY’ withdraw all funds.

“The exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk,” the developers detailed.

Moreover, they have contacted and notified USD Coin issuer Circle, AnySwap and Maker to block the hackers' addresses and freeze the funds.

DeFi evolved from blockchain as the true challenger of the existing banking industry but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million and has already refunded most of the victims. Another platform Cream Finance suffered three attacks within the last few months, losing more than $192 million worth of cryptocurrencies.