Grim Finance Becomes the Latest DeFi Exploit Following a $30 Million Hack
The Grim Finance protocol has had a bad weekend, reporting that it was exploited to the tune of $30 million.
On December 19, Grim Finance, a decentralized finance project, notified its users of an attack. According to the team, the platform was hacked by an “external attacker” who made off with $30 million worth of cryptocurrency.
The Grim Finance team went on to say that the attack was sophisticated, with the hacker exploiting the protocol’s vault contract. It also said that the vaults had been paused and advised users to withdraw their funds.
“All vaults have been paused to protect any future funds; please withdraw all of your funds IMMEDIATELY.”
Grim Finance describes itself as a “compounding yield optimizer” that uses sophisticated vault strategies to improve the returns on liquidity provider tokens.
Around an hour prior to the malicious smart contract being exploited, the attacker used Tornado Cash to pre-fund Grim Finance’s Ethereum and Binance Smart Chain wallets. The stolen cryptocurrency was transferred from the Fantom network on which Grim runs to Ethereum and then converted to USDC and DAI.
Grim stated that the exploit was found in the vault contract, which means that all vaults and deposited funds are at risk at the moment. The hacker used a reentrancy attack, which tricks the protocol into registering bogus additional deposits into a vault while an initial transaction is still in progress.
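The reentrancy pattern described above can be modelled in a few lines of Python. This is an added example, not Grim Finance's contract code and not part of the original article. It assumes a vault that credits a deposit by measuring its own balance around an external transfer call; the names `Vault`, `reentering_transfer` and `run` are hypothetical.

```python
# Constructed toy model of a deposit-accounting reentrancy bug and its guard.
class ReentrancyError(Exception):
    pass

class Vault:
    def __init__(self, guarded):
        self.guarded = guarded   # True = hardened variant with a reentrancy lock
        self.locked = False
        self.balance = 0         # tokens the vault actually holds
        self.credited = {}       # deposit credit recorded per user

    def deposit(self, user, amount, transfer):
        # `transfer` models the external token call; on-chain the callee can
        # run arbitrary code, including calling deposit() again, before returning.
        if self.guarded:
            if self.locked:
                raise ReentrancyError("deposit re-entered")
            self.locked = True
        try:
            before = self.balance
            transfer(self, amount)              # untrusted external call
            received = self.balance - before    # `before` is stale if re-entered
            self.credited[user] = self.credited.get(user, 0) + received
        finally:
            if self.guarded:
                self.locked = False

    def solvent(self):
        # Invariant to monitor: recorded credit never exceeds real holdings.
        return sum(self.credited.values()) <= self.balance

def reentering_transfer(user, depth):
    # Callee that re-enters deposit() `depth` times; only the innermost call
    # actually moves tokens into the vault. depth=0 is an honest transfer.
    def transfer(vault, amount):
        if depth > 0:
            vault.deposit(user, amount, reentering_transfer(user, depth - 1))
        else:
            vault.balance += amount
    return transfer

def run(guarded, depth=2, amount=100):
    vault = Vault(guarded)
    try:
        vault.deposit("user", amount, reentering_transfer("user", depth))
    except ReentrancyError:
        pass  # on-chain, the revert would undo the whole transaction
    return vault.credited.get("user", 0), vault.balance, vault.solvent()
```

Without the lock, every nested call credits the same 100 tokens again, so recorded credit exceeds what the vault holds. With the lock, the nested call is rejected, and an ordinary deposit behaves the same in both variants.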
“We’ve contacted and notified Circle (USDC), DAI, and AnySwap about the attacker’s address in order to potentially halt any further fund transfers.”
The Grim Finance team said in a recent tweet that it has reopened the “Tshare Masonry Vault” to allow users to withdraw funds before it is permanently closed.
According to CoinGecko, the protocol’s native GRIM coin fell by 80 percent during the breach, from $0.794 to $0.151. It has now rebounded somewhat to trade at $0.206 as of this writing. GRIM is now down 89 percent from its all-time high of $1.84 set on October 20.
Grim Finance is not alone in this regard. According to DeFiYield’s “Rekt Database,” during the last five years, $2.5 billion has been lost to crypto and DeFi hacks, frauds, and vulnerabilities.
Brinc Finance was exploited on Dec 14, resulting in a loss of $1.1 million, while the Vulcan Forged NFT gaming studio suffered a loss of approximately $100 million in the second-largest attack after Poly Network.