Grim Finance Hacked for $30 Million in Fantom Tokens

Posted by Andries Van Tonder on December 20, 2021 - 7:44am

Grim Finance is the latest DeFi protocol to be hit by an exploit.

By Jeff Benson

In brief

  • Grim Finance is a "compounding yield optimizer" built on the Fantom Opera blockchain.
  • It was the target of a multimillion-dollar exploit Saturday.

What, did you expect something named "Grim" to deliver good news?

Grim Finance, a DeFi protocol, was hacked for $30 million worth of tokens Saturday, it confirmed, in an "advanced attack." According to a tweet from the project, "The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk."

Grim calls itself a "compounding yield optimizer," meaning it promises to wring extra value from liquidity provider tokens that users receive from decentralized exchanges if they lock them up in a Grim vault. Grim touts in its protocol documentation, "Helping users reap more rewards, hassle-free."

The protocol is built atop the Fantom Opera blockchain, a smart contract-enabled platform that is built using the Solidity language and is compatible with Ethereum. The hacker used a reentrancy attack, an exploit that lets someone fake additional deposits into a vault while an initial transaction is still in progress, thereby tricking the protocol.

"We have contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers," Grim tweeted, but the attacker has already been busy laundering the ill-gotten funds through stablecoin transfers.

Rugdoc.io, a DeFi watchdog group of smart contract auditors and investors, says Grim Finance should have known better and used a reentrancy guard.

"Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand," it tweeted. "If you haven't acquired this yet, don't build multi-million dollar projects. Don't get audits from companies which everyone knows are useless."

Grim shared an audit of its finance token and vault contracts from Solidity Finance. According to Solidity Finance's report, "ReentrancyGuard is used in relevant locations to preent [sic] reentrancy attacks."
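To make the reentrancy guard concrete, here is an added example that is not from the article or from Grim's code: a small Python model of a vault whose deposit function hands control to an external token call partway through. The `Vault` and `CallbackToken` classes, the balance-difference accounting and the amounts are all constructed assumptions; the article does not describe the vault's actual code.

```python
class ReentrancyError(Exception):
    """Stands in for the revert a reentrancy guard triggers."""


class Vault:
    """Constructed toy vault: credits a user with the balance increase it observes."""

    def __init__(self, guarded):
        self.guarded = guarded
        self._entered = False   # the guard's lock flag
        self.held = 0           # tokens the vault really holds
        self.credited = {}      # deposits the vault has recorded per user

    def deposit(self, user, amount, token):
        # Guard: refuse to start a deposit while another one is still open.
        if self.guarded and self._entered:
            raise ReentrancyError("deposit() entered while already running")
        self._entered = True
        try:
            before = self.held
            token.transfer_in(self, user, amount)   # external call: control leaves the vault
            self.credited[user] = self.credited.get(user, 0) + (self.held - before)
        finally:
            self._entered = False


class CallbackToken:
    """Constructed token whose transfer hook calls back into the vault once."""

    def __init__(self):
        self.called_back = False

    def transfer_in(self, vault, user, amount):
        if not self.called_back:
            self.called_back = True
            vault.deposit(user, amount, self)   # re-entry while the first deposit is open
        vault.held += amount


def run(guarded):
    """Return (total credited, tokens held, reverted?) after one deposit of 100."""
    vault = Vault(guarded)
    try:
        vault.deposit("user", 100, CallbackToken())
        reverted = False
    except ReentrancyError:
        reverted = True
    return sum(vault.credited.values()), vault.held, reverted


if __name__ == "__main__":
    print("unguarded:", run(False))
    print("guarded:  ", run(True))
```

Without the guard the vault records more deposits than it holds, because the outer call counts the inner call's tokens a second time; with the guard the nested call is rejected and nothing is recorded. The invariant worth monitoring is that total credited never exceeds tokens held.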

As of Sunday afternoon, all deposits into Grim Finance vaults remain paused to prevent further theft.

Corneliu Boghian good info, thanks for sharing
December 21, 2021 at 8:56am
Andries Van Tonder thank you for reading it Adonel
December 20, 2021 at 11:36am
Adonel Lowings Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand.
December 20, 2021 at 11:35am
Andries Van Tonder thank you Liaquat, appreciate it
December 20, 2021 at 9:35am
Liaquat Ali Mirani Thank you for sharing information.
December 20, 2021 at 9:26am
Andries Van Tonder thank you for reading it Simon
December 20, 2021 at 8:45am
Simon Keighley That's not good news for Grim Finance's DeFi protocol, Andries - thanks for sharing the news.
December 20, 2021 at 8:33am