It’s not just lucky investors getting rich from crypto.
Hackers have made off with billions of dollars in virtual assets in the past year by compromising some of the cryptocurrency exchanges that have emerged over time. Well, at least the reported ones.
Whatever the crypto market's valuation, illicit activity and cryptocurrencies are indeed a match made in heaven. Well, more like Hell.
$40 million lost
Grim Finance, a Smart Yield Optimizer Platform built on Fantom Opera, is currently trending in the news. The platform is the latest victim of an exploit, with an estimated loss of over $30 million. The team confirmed this in a series of tweets.
Hello Grim Community,
It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker's address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
— Grim Finance (@financegrim) December 19, 2021
The exploit was an advanced attack. “The attacker attacked using the function titled beforeDeposit() from our vault strategy entering a malicious token contract,” the team added.
After further investigation, the team laid out a brief analysis of the heist.
which will increase the _amount to put the vault in a state to mint shares.
On the unwinding of the 5 reentrancies, each loop will see that the _amount is not 0, and mint the corresponding shares, mint the same share count 5x (the number of reentrancy loops).
— Grim Finance (@financegrim) December 19, 2021
Meanwhile, a security researcher with the Twitter handle Vahe Karapetyan reiterated the above analysis concisely.
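The share accounting described in the tweets above, as an added Python model that is not Grim Finance's contract code or part of the original article. It assumes 1 share per unit deposited and a vault that re-measures _amount as its balance change around a call into a caller-supplied token; the class names, the guarded flag and the sample amounts are hypothetical. It shows the unguarded deposit path beside the same path with a reentrancy guard.

```python
# Toy model (constructed for illustration; not Grim Finance's contract code).
# Assumptions: 1 share per unit deposited, and the vault re-measures _amount
# as its balance change around an external call into a caller-chosen token.

class RealToken:
    def transfer_from(self, vault, amount, user):
        vault.pool += amount                      # funds actually arrive

class ReentrantToken:
    """Stand-in for the 'malicious token contract': calls back into the vault."""
    def __init__(self, real, frames):
        self.real, self.left = real, frames - 1

    def transfer_from(self, vault, amount, user):
        self.left -= 1
        nxt = self.real if self.left == 0 else self
        vault.deposit_for(nxt, amount, user)      # re-enter before the outer frame ends

class Vault:
    def __init__(self, guarded):
        self.guarded, self.locked = guarded, False
        self.pool, self.shares = 0, {}

    def deposit_for(self, token, amount, user):
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call")  # models a revert
        self.locked = True
        try:
            before = self.pool
            token.transfer_from(self, amount, user)   # untrusted external call
            amount = self.pool - before               # "not 0" in every nested frame
            self.shares[user] = self.shares.get(user, 0) + amount
        finally:
            self.locked = False

def run(guarded, frames=5, amount=100):
    vault = Vault(guarded)
    try:
        vault.deposit_for(ReentrantToken(RealToken(), frames), amount, "caller")
    except RuntimeError:
        pass                                      # whole transaction reverted
    return vault.pool, vault.shares.get("caller", 0)

if __name__ == "__main__":
    print("unguarded (pool, shares):", run(False))
    print("guarded   (pool, shares):", run(True))
```

In the unguarded run one real deposit backs five mints because every frame measures the same balance increase as it unwinds; with the guard the first nested call reverts and no shares exist.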
Next steps
All vaults were paused to prevent further attacks, although a few will be ‘unpaused for users to remove their funds,’ the team noted. But here’s the main concern: the exploit was found in the vault contract, so all of the vaults and deposited funds were at risk. To raise an alert about the alleged attacker and highlight the address, the team:
“…contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers.”
Nevertheless, many projects such as Beefy, Tomb, SpiritSwap and FTM Alerts expressed their support for Grim Finance and have been providing the latest updates on the situation.
A post mortem report should be published soon.
Major blow…
Support or not, the damage was already done. Grim Finance (and its token) was down 74.09% in the last 24 hours.
At press time, the token REAPER was trading at the $0.010408 mark following the major setback. Whether it will recover from this blow, only time will tell. Before that, the team needs to recover the funds or, rather, compensate the affected users.