
Grim Finance is the Latest on the Hit-List of Attackers as $30 Million got...

thecoinrepublic.com, 20 December 2021 15:36 UTC
  • Grim Finance, a compounding yield optimizer, was attacked by hackers and lost $30 million in Fantom tokens from the platform.
  • The decentralized finance platform confirmed that the attack was “advanced” and that funds still deposited are at risk.
  • Grim Finance has contacted DAI and Circle in order to halt the transactions.

Hackers Used Re-entrancy to Execute the DeFi Hack

Grim Finance is built on the Fantom Opera blockchain, a smart contract platform compatible with Ethereum. By depositing funds in a Grim vault, users can earn additional value on the liquidity tokens they receive from DeFi exchanges.

The hacker identified a reentrancy flaw that made it possible to add extra fraudulent deposits to the vault while the initial transaction was still in progress, misleading the protocol. The attack cost $30 million, according to the team, which confirmed the hack.
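An added example, not from the article or from Grim Finance's contracts: a Python model of a vault deposit that is re-entered during an external token call, next to the same deposit protected by a reentrancy guard. The names `Vault`, `HonestToken` and `CallbackToken`, and the rule of crediting the balance change measured around the token call, are assumptions made for illustration.

```python
class Vault:
    """Toy vault (assumed design): credits shares for the balance change seen around a token call."""
    def __init__(self, guarded):
        self.guarded = guarded
        self.locked = False
        self.balance = 0      # underlying funds the vault really holds
        self.shares = {}      # depositor -> credited shares

    def deposit_for(self, token, amount, user):
        # Reentrancy guard: refuse a nested call while a deposit is in progress.
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call blocked")
        self.locked = True
        try:
            before = self.balance
            token.transfer_from(user, self, amount)   # external call made before accounting
            credited = self.balance - before          # every nested frame sees the same increase
            self.shares[user] = self.shares.get(user, 0) + credited
        finally:
            self.locked = False


class HonestToken:
    def transfer_from(self, user, vault, amount):
        vault.balance += amount


class CallbackToken:
    """Constructed stand-in for a token whose transfer hook calls back into the vault."""
    def __init__(self, reentries):
        self.reentries = reentries

    def transfer_from(self, user, vault, amount):
        if self.reentries > 0:
            self.reentries -= 1
            vault.deposit_for(self, amount, user)     # nested deposit during the first one
        else:
            vault.balance += amount                   # only one real transfer ever happens


def simulate(guarded, token, amount=100):
    """Return (funds held, shares credited) after one top-level deposit."""
    vault = Vault(guarded)
    try:
        vault.deposit_for(token, amount, "user")
    except RuntimeError:
        pass  # on-chain, the whole transaction would revert
    return vault.balance, vault.shares.get("user", 0)
```

Without the guard, the shares credited exceed the funds the vault holds; with it, the nested call fails and nothing is credited.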

All transactions associated with the Grim Finance vaults were halted in order to prevent further attacks. The team noted that some of the vaults might remain functional so that users who want to withdraw can take their funds out. Funds still deposited in the vaults remain at risk following the attack.

Exploitation of the Smart Contracts

Just an hour before the hack, the attacker created and used a hostile token contract. The attacker funded BSC and Ethereum wallets via Tornado Cash. The perpetrator then laundered the funds by moving the stolen crypto assets from Fantom mainnet to ETH mainnet in exchange for the stablecoins DAI and USDC. Grim Finance tweeted, “We have contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers.”

Rugdoc.io, a DeFi monitoring group consisting of investors and smart contract experts, stated that “Grim Finance should have known better and used a reentrancy guard.” It also tweeted, “Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand.” It added, “If you haven’t acquired this yet, don’t build multi-million dollar projects. Don’t get audits from companies which everyone knows are useless.”

String of DeFi Hacks

Grim Finance is not the first victim of this type of attack. The Vee Finance contract was attacked by an unidentified person, who took $35 million in various crypto assets. Both attacks were unfortunate and cost significant amounts, but they do not compare with the Polygon Network hack, in which the attackers stole $600 million. Surprisingly, those funds were returned, which led people to suspect that the whole event was a publicity stunt.