Fantom’s Defi Project Grim Loses $30M to New Hack

Over the weekend, decentralized finance protocol Grim Finance reported losses totaling $30 million after the platform’s deposits were exploited.

News of the re-entrancy exploit came out officially on December 18, when the platform’s team stated that they had been exploited by an “external attacker” who had carted off cryptocurrency worth more than 30 million USD.

How Did the Attack Happen?

After sharing news of the exploit, the Grim team went on to explain that it was an advanced attack. The hacker reportedly accessed the platform’s vault contract. At the moment the vault has been put on hold and clients have been instructed to withdraw their assets as soon as possible. As the exploit was aimed at the vault contract, there is still a threat to all the vault-deposited funds.

According to Grim, the attacker duped the protocol with 5 re-entrancy loops that allowed them to create false additional deposits in the vault while the platform was processing the initial transaction.

An hour before the exploit occurred, the hacker pre-funded the protocol’s Ethereum and Binance Smart Chain wallets using privacy solution Tornado Cash. Grim is built on the Fantom Opera network, so after the attack, the stolen funds were moved to Ethereum before they were converted into USDC and DAI.

Could the Hack Have Been Avoided?

Grim Finance defines itself as a “compounding yield optimizer.” The protocol gives users the ability to stake their liquidity pool tokens in the Grim Vaults and automatically gathers profits and re-staking rewards using strategies for even greater earnings.

The platform informed Circle, DAI, and AnySwap of the attack and supplied the hacker’s address so that any further transfers could be frozen. Cybersecurity analysts, meanwhile, have considered and discussed the various ways in which the attack could have been avoided.

According to RugDoc, a Defi-focused security platform, Grim Finance is to blame for the attack, as it could have been prevented if the protocol had installed a re-entrancy guard. The re-entrancy exploit used on the Grim vaults is fairly common in Solidity, the language in which smart contracts on the Ethereum and Fantom blockchains are written. Hackers manipulate data and gain access to the network’s assets by getting a contract to call an untrusted contract, which then calls back into the original contract before its first call has finished.
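The effect of a missing guard can be reproduced in a small Python model. This is an illustration added here, not Grim's contract code: it assumes a vault that credits deposits from the balance change measured around a call into a caller-supplied contract, and every name and amount in it is constructed.

```python
class ReentrancyError(Exception):
    """Raised by the guard when deposit() is entered while already running."""

class Vault:
    """Toy vault (hypothetical) that credits deposits from a balance difference."""
    def __init__(self, guarded):
        self.guarded = guarded   # True = re-entrancy guard enabled
        self.locked = False      # guard flag, set while deposit() runs
        self.balance = 0         # tokens the vault really holds
        self.credited = {}       # deposits recorded per user

    def deposit(self, user, amount, token):
        if self.guarded:
            if self.locked:
                raise ReentrancyError("deposit re-entered")
            self.locked = True
        try:
            before = self.balance
            token.transfer_to(self, user, amount)   # external call into untrusted code
            gained = self.balance - before          # 'before' is stale if re-entered
            self.credited[user] = self.credited.get(user, 0) + gained
        finally:
            self.locked = False

class HonestToken:
    def transfer_to(self, vault, user, amount):
        vault.balance += amount

class ReenteringToken:
    """Untrusted contract: calls back into deposit() before any tokens move."""
    def __init__(self, loops):
        self.loops = loops

    def transfer_to(self, vault, user, amount):
        if self.loops > 0:
            self.loops -= 1
            vault.deposit(user, amount, self)   # nested call while the outer one is pending
        else:
            vault.balance += amount             # only the innermost call moves tokens

def run(guarded, loops=5, amount=100):
    """Return (outcome, tokens really held, deposits credited to the caller)."""
    vault = Vault(guarded)
    try:
        vault.deposit("mallory", amount, ReenteringToken(loops))
    except ReentrancyError:
        return "reverted", vault.balance, vault.credited.get("mallory", 0)
    return "ok", vault.balance, vault.credited.get("mallory", 0)
```

Without the guard, every pending call sees the same balance increase and records it again, so the credited total exceeds what the vault holds; with the guard, the first nested call fails and nothing is credited.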

This exploit comes amidst a rise in the number of Defi-focused hacks. This month threat actors have stolen over $600 million from various crypto protocols including AscendEx, a Singapore-based exchange, and Vulcan, an NFT marketplace.

Grim Finance’s last tweet shared that the “Tshare Masonry Vault” had been opened once more before it was shut down permanently so users could make their withdrawals.

After the exploit, the platform’s native token GRIM plummeted by about 80%, from $0.794 to $0.151. It has made a minimal recovery and is currently trading at $0.238.
