coinfomania.com
Grim Finance, a DeFi protocol that labels itself as a “smart yield optimizer” built on the Fantom Opera network, has recently been exploited, with losses amounting to $30 million.
Announcing the attack on Dec. 19, Grim Finance noted that the hack had been initiated by an ” external attacker”, stealing over $30 million worth of crypto from the platform.
“It is with a heavy heart that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker’s address has been identified with over 30 million dollars worth of theft here,” the project’s developers tweeted.
A Re-entrancy Attack
According to Grim Finance, the hack was an “advanced attack,” where the attacker used a re-entrancy attack, which allows them to manipulate the platform’s data by interacting with the network and calling an untrusted contract, subsequently giving them control over the assets stored on the contract.
Grim Finance noted that the attacker exploited its vault contract via five re-entrancy loops, allowing them to fake five extra deposits into a vault while the platform is processing the first deposit.
Data from the Fantom Blockchain Explorer revealed that most of the transactions from the attacker had been routed to several other Fantom-based decentralized exchanges (DEXs), including SpookySwap and Anyswap.
There the stolen funds were promptly converted to other tokens, including USDC.
Following the hack, Grim Finance halted all vaults to mitigate further risks. It said,
“We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds immediately… The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”
The protocol also noted that it has notified several crypto entities, including Circle (USDC), DAI, and AnySwap regarding the attacker’s address to freeze any further fund transfers.
GRIM Dumps 80%, TVL Slumps
Immediately after the news broke, the protocol’s native token GRIM fell by over 80%, from $0.79 at the time of the attack to $0.15, according to live data from CoinGecko.
The protocol’s total value locked (TVL) also suffered massively, as it dropped by over 84% in the last 24 hours, with just $4.3 million left in the vaults.
Year of the Hackers
2021 has been quite eventful for the crypto space. While there have been several milestones, growths, and massive adoption, hackers have also upped their game.
Just last week the crypto exchange, AscendEx lost over $80 million in an attack hosted via the Ethereum, BSC, and Polygon blockchains.