Grim Finance is the latest DeFi protocol to be hit by an exploit. The hack took place on Saturday and was made public by the project in a tweet. All deposits into the Grim Finance vaults have been put on hold to stop any more thefts.
Grim Finance, a DeFi protocol, said that an “aggressive attack” took $30 million worth of tokens on Saturday. In a tweet, the project said, “The exploit was found in the contract for the vault, so all of the vaults and funds are at risk.”
Grim promises users who get liquidity provider tokens from decentralized exchanges that it will get more value out of those tokens if they keep them in a Grim vault.
Grim calls itself a “compounding yield optimizer.” Grim says in its protocol documentation that it wants to “help users get more rewards, without any hassle.”
The protocol is built on top of the Fantom Opera blockchain, a smart contract-enabled platform that is built with the Solidity language and is compatible with Ethereum.
The hacker used a reentrancy attack, an exploit that lets someone make fake deposits into a vault while the first transaction is still in progress, so that the protocol is fooled into accepting them.
Hello Grim Community,
It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker's address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
— Grim Finance (@financegrim) December 19, 2021
“We’ve told Circle (USDC), DAI, and AnySwap about the attacker’s address so that they might be able to stop any more money transfers,” Grim tweeted. The attacker has already been laundering the stolen money through stablecoin transfers.
Smart contract auditors and investors say that Grim Finance should have used a reentrancy guard. Rugdoc.io says that Grim Finance should have known better and used a reentrancy guard.
“We hope that all projects can learn from this incident that there is a lot of Solidity knowledge that most experienced Solidity developers have.” “If you haven’t done this yet, don’t do big projects that cost a lot. Don’t get audits from companies that everyone knows aren’t worth the money.”
Grim shared a report from Solidity Finance that looked at its finance token and vault contracts. According to Solidity Finance’s report, “ReentrancyGuard is used in places where reentry attacks are likely to happen.”
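The following is an added example, not Grim Finance's contract code: a small Python model of the reentrancy described above and of the guard that stops it. The `Vault`, `HonestToken` and `CallbackToken` classes are hypothetical, and crediting shares from the balance change around the external call is an assumption made for the model.

```python
class Reentered(Exception):
    """Raised by the guard when deposit() is entered while already running."""

class Vault:
    """Toy vault (hypothetical): credits shares from the balance change around an external call."""
    def __init__(self, guarded):
        self.guarded = guarded
        self.locked = False
        self.balance = 0   # tokens the vault really holds
        self.shares = {}   # depositor -> credited shares

    def deposit(self, user, token, amount):
        if self.guarded:
            if self.locked:
                raise Reentered("deposit() re-entered")
            self.locked = True
        try:
            before = self.balance
            token.transfer_in(self, amount)      # external call: control leaves the vault
            credited = self.balance - before     # also counts tokens from a nested deposit
            self.shares[user] = self.shares.get(user, 0) + credited
        finally:
            self.locked = False

class HonestToken:
    def transfer_in(self, vault, amount):
        vault.balance += amount

class CallbackToken:
    """Constructed token whose transfer hook calls back into the vault once."""
    def __init__(self, user):
        self.user, self.entered = user, False
    def transfer_in(self, vault, amount):
        if not self.entered:
            self.entered = True
            vault.deposit(self.user, self, amount)  # nested deposit, outer one unfinished
        vault.balance += amount

def run(guarded, token):
    """Deposit 100 once; return (outcome, tokens held, shares credited)."""
    vault = Vault(guarded)
    try:
        vault.deposit("alice", token, 100)
        outcome = "ok"
    except Reentered:
        outcome = "reverted"   # on-chain, a revert undoes the whole transaction
    return outcome, vault.balance, sum(vault.shares.values())

print(run(False, CallbackToken("alice")), run(True, CallbackToken("alice")))
```

Without the guard the vault ends up holding 200 tokens against 300 credited shares; with it, the nested call fails and nothing is credited.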
As of the middle of the day on Sunday, all deposits into the Grim Finance vaults had been put on hold to stop any more thefts.