cryptoknowmics.com
Grim Finance is living up to its moniker after becoming a victim of an "advanced assault" in which hackers stole tokens worth $30 million. The platform, which is based on the Fantom blockchain, said that the attacker used a fraudulent token contract and disclosed that, due to the vulnerability being discovered in the vault contract, "all vaults and deposited monies are immediately at risk."
Grim Finance Got Hacked for $30 Million
Grim is a compounding yield optimizer, which means it adds value to the liquidity provider (LP) tokens that DeFi investors get from DEXs when they lock them up with Grim.
And, as one of the impacted customers noted, it's a very appealing alternative due to its much greater annual percentage yield (APY) than its rivals. It is based on Opera, which is said to be a safe and fast platform for developing decentralized applications on the Fantom blockchain.
Grim reported on Twitter a day earlier that it had been the target of an assault. The attacker triggered five reentrancy loops by entering a rogue token contract. Reentrancy is a kind of attack in which an attacker makes further deposits into a vault while the platform is still processing the first. In Grim's instance, the assailant did it five times.
The attacker loaded his Ethereum and Binance Smart Chain wallets using Tornado Cash, an Ethereum currency mixer that enables users to sever the on-chain connection between sender and recipient one hour before exploiting the flaw. This makes tracing the monies' origins very difficult.
Vulnerability in the Vault Contract
Grim halted all vaults after the incident to avoid any future cash from being put in danger. It also asked its customers to remove all of their money as soon as possible. It went on to say: Because the vulnerability was discovered in the vault contract, all vaults and deposited cash are now in danger. We've told Circle (USDC), DAI, and AnySwap about the attacker's address, and they've agreed to stop any additional payment transfers.
Experts in cyber security debate how the newest DeFi attack may have been averted. Grim Finance is mostly to blame for the vulnerability, according to RugDoc, a DeFi security group. It neglected to include reentrancy protection, which the hackers subsequently exploited.