DeFi Platform Grim Finance Hacked, Lost $30M in Crypto
https://ift.tt/3EdcJXa
Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool was siphoned off $30 million worth of fantom tokens, the platform officially confirmed.
“The attackers’ address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”
Hello Grim Community,
It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
— Grim Finance (@financegrim) December 19, 2021
The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.
As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and also urged users to ‘IMMEDIATELY’ withdraw all funds.
“The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk,” the developers detailed.
They have also contacted and notified USD Coin issuer Circle, AnySwap, and Maker to block the hackers’ addresses and freeze the funds.
DeFi evolved from blockchain as the true challenger of the existing banking industry, but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million that already refunded most of the victims. Another platform Cream Finance suffered three attacks within months, losing more than $192 million worth of cryptocurrencies.
Cryptocurrency