Grim Finance loses $30M in 5x reentrancy hack attack
The DeFi protocol Grim Finance has reported a loss of $30 million due to a reentrancy exploit of the platform’s deposits.
Grim Finance has made an official announcement on December 18 that an “external attacker” had exploited the DeFi platform, and stolen “over $30 million” worth of cryptocurrencies.
As per Grim Finance, the hack had been an “advanced attack,” where the attacker reportedly exploited the protocol’s vault contract via five reentrancy loops. This allowed the hackers to fake five additional deposits into a vault, whereas the platform was processing the first deposit.
Grim has also paused all its vaults after the attack in order to minimize the risk for future funds, notifying its clients to withdraw all of their funds “immediately.”
Grim also said it had notified all entities involved in operating major cryptocurrencies like DAI, Circle (USDC), and the cross-chain protocol AnySwap about the hacker telling them to freeze further fund transfers.
Grim Finance has placed itself as a “compounding yield optimizer” that is built on DeFi-focused blockchain protocol, Fantom and has allowed its users to stake liquidity provider tokens through employing complex vault strategies.
According to the Fantom (FTM) Blockchain Explorer data, Grim Finance Exploiter had continued transacting on December 19. One of the addresses associated with the accounts exploit holds $1.2 million in Bitcoin, $1.7 million in SpookyToken (BOO) and $13,700 in FTM tokens.
Some among the crypto community have suggested that Grim Finance should hold responsibility for the hack due to failing to adopt proper reentrancy protection tools. DeFi security platform Rugdoc.io has even argued that the protocol was responsible for giving the user “more privilege than is necessary.”
The increasing popularity of DeFi has triggered a string of new challenges for the cryptocurrency industry as hackers had been rushing to exploit the flaws of the emerging industry.
In early December 2021, DeFi protocol BadgerDAO had also reported an exploitation of $120 million.
