It has been a grim weekend for the Grim Finance protocol, which has reported that it was exploited to the tune of $30 million.
On Dec 19, the decentralized finance project Grim Finance alerted its users to an attack. The team stated that the platform had been exploited by an “external attacker” who made off with $30 million worth of crypto assets.
The Grim Finance team went on to state that it was an advanced attack in which the hacker exploited the protocol’s vault contract. It added that the vaults have been paused and recommended that users withdraw their funds.
“We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds IMMEDIATELY.”
Grim Finance labels itself as a “compounding yield optimizer” which employs complex vault strategies to offer boosted yields from liquidity provider tokens.
Grim Finance’s smart contract exploited
Around an hour before the malicious smart contract was exploited, the attacker pre-funded Grim Finance’s Ethereum and Binance Smart Chain wallets using Tornado Cash. The stolen crypto was bridged from the Fantom network, on which Grim is based, to Ethereum before being converted into USDC and DAI.
Grim stated that the exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk. The hacker tricked the protocol with a reentrancy attack, which creates fake additional deposits into a vault while an initial transaction is still ongoing.
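The reentrancy pattern described above, as an added Python model that is not Grim Finance's contract code: it assumes a vault that credits shares from the balance change seen around an external call, and shows a lock on deposit rejecting the nested call. All class and function names are hypothetical.

```python
class ReentrancyError(Exception):
    """Raised when deposit() is entered again before the first call finished."""

class Vault:
    # Hypothetical toy vault (assumption): shares are credited from the
    # balance change measured around an external, untrusted call.
    def __init__(self, guarded):
        self.guarded = guarded
        self.locked = False
        self.balance = 0   # tokens the vault really holds
        self.shares = {}   # user -> shares credited

    def deposit(self, user, amount, pull_funds):
        if self.guarded and self.locked:
            raise ReentrancyError("deposit re-entered")
        self.locked = True
        try:
            before = self.balance
            pull_funds(self, user, amount)      # external call
            credited = self.balance - before
            self.shares[user] = self.shares.get(user, 0) + credited
        finally:
            self.locked = False

    def accounting_ok(self):
        # Defender's invariant: credited shares never exceed real holdings.
        return sum(self.shares.values()) <= self.balance

def honest_pull(vault, user, amount):
    vault.balance += amount                     # tokens really arrive

def reentering_pull(vault, user, amount):
    # Constructed callback: calls deposit() again while the first is open.
    vault.deposit(user, amount, honest_pull)

def run(guarded):
    vault = Vault(guarded)
    try:
        vault.deposit("user", 100, reentering_pull)
        reverted = False
    except ReentrancyError:
        reverted = True   # like a reverted transaction: nothing was credited
    return vault.shares.get("user", 0), vault.balance, vault.accounting_ok(), reverted

if __name__ == "__main__":
    print("unguarded:", run(False))
    print("guarded:  ", run(True))
```

Without the lock, the same 100 tokens are counted by both the inner and the outer call, so credited shares exceed what the vault holds; with the lock, the nested call fails and nothing is credited.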
“We have contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers.”
In its latest tweet, the Grim Finance team said that they had reopened the “Tshare Masonry Vault” so that users could withdraw before it is permanently closed.
The protocol’s native GRIM token dumped 80% at the time of the hack, falling from $0.794 to $0.151 according to CoinGecko. It has since recovered marginally to trade at $0.206 at the time of writing. GRIM is currently down 89% from its Oct 20 all-time high of $1.84.
A year of DeFi exploits
Grim Finance isn’t alone. DeFiYield’s “Rekt Database” currently reports that $2.5 billion has been lost to crypto and DeFi hacks, scams, and exploits over the past 5 years.
On Dec 14, Brinc Finance was exploited with $1.1 million lost, and a day earlier, the Vulcan Forged NFT game studio lost nearly $100 million in the second-largest attack after Poly Network.