en
Back to the list

DeFi Hack Series Continues: Another Protocol Lost $40 Million

source-logo  u.today  + 13 more 19 December 2021 16:04, UTC

Another DeFi protocol has become a victim of hacking. According to security researcher Vahe Karapetyan, the estimated loss of GrimFinance totals $40 million and was made with a similar vulnerability as that tied to flash loans and liquidity.

Hack's sequence

First of all, the hacker grabbed a flash loan for two tokens and added liquidity on SpiritSwap, which allowed him or her to mint SPIRIT liquidity rewards and make a deposit call.

Then the sequence of various commands allowed the hacker to gain control over a large amount of flash loaned tokens. With the usage of the Spirit LP token, the hacker was able to make a re-deposit, which allowed him to stack a large number of additional tokens.

Grim Finance(https://t.co/i6qxb1ObEy) got hacked 2 hours ago
Estimated loss: $40mln

One of the attacking transactions: https://t.co/BBWUq72CBN

Attack Analysis:#FTM #ETH #BSC #GrimFinance #GrimExploit

1/4

— Vahe Karapetyan (@k3mmio) December 18, 2021

Currently, the transaction page counts more than 40 transactions made during the hacking sequence. The estimated loss was counted by adding up all the transactions, including Bitcoin and the wrapped Fantom tokens.

The aforementioned funds have not yet been transferred to any exchange or address. With the majority of funds remaining on only one address, centralized exchanges would be able to limit the hacker's wallet similar to the Poly.Network case.

Series of DeFi hacks

Grim.Finance is not the first case of funds being stolen on the market. Previously, the Vee.Finance contract was hacked by an anonymous individual who stole $35 million in various cryptocurrencies.

While both cases could be considered quite significant, they cannot compete with the Poly Network hack that yielded $600 million. The stolen funds were returned, which raised numerous concerns in the DeFi community that the whole situation was a publicity stunt.

Only a month ago, the cross-chain decentralized platform backed by Alameda Research's ChainSwap also became a victim of blockchain pirates, with more than 10 tokens being affected by the hack. Roughly $8 million worth of tokens were stolen from users.

u.today

Similar news (13)
Add similar news

Add similar news

Send us a link to a similar news story on another source.

Why do we need it

The citation rate of a news item indicates its importance and significance. The number of mentions in different sources allows you to look at an event from different angles.

Please help us improve the application. If we have published news and you have found a similar one in another source, send us a link to it.