financemagnates.com
Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool was siphoned off $30 million worth of fantom tokens, the platform officially confirmed.
“The attackers' address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”
Hello Grim Community,
— Grim Finance (@financegrim) December 19, 2021
It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
Grim Finance was built on the top of the Fantom Opera network and allows users to stake their liquidity pools, thus harvesting yields and re-staking rewards. These strategies became popular as they provide even higher yields.
The DeFi protocol attracted deposits of more than $100 million that are stored as the total value locked (TVL), according to analytics tool DeFiLlama.
An Advanced Attack
The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.
As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and also urged users to ‘IMMEDIATELY’ withdraw all funds.
“The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk,” the developers detailed.
They have also contacted and notified USD Coin issuer Circle, AnySwap, and Maker to block the hackers' addresses and freeze the funds.
DeFi evolved from blockchain as the true challenger of the existing banking industry, but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million that already refunded most of the victims. Another platform Cream Finance suffered three attacks within months, losing more than $192 million worth of cryptocurrencies.