- Grim Finance is the most recent victim in a string of DeFi attacks.
- The firm is requesting all investors to pull out their funds.
- DeFi hacks are now a frequent occurrence.
DeFi hacks have become very commonplace in recent times. The compound yield protocol Grim Finance became the latest victim in an attack over the weekend that saw the company lose millions.
Details Of The Attack
Grim Finance lost about $30 million in an attack on its protocol on Saturday. The firm on Sunday took to Twitter to confirm the attack and the steps it would be taking to prevent further damage.
“It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker’s address has been identified with over 30 million dollars worth of theft here.” In another post, they said, “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”
Grim Finance is a DeFi protocol that uses the Fantom Opera blockchain framework, popular for its DeFi and dApps applications. The protocol utilizes strategies to help users compound their yields from staking crypto in their “Grim Vaults.”
Liquidity pool tokens are the only tokens users can stake in the Grim Vaults. They are given to users of DEX platforms that offer their liquidity in exchange for crypto returns. Systems like these in DeFi function with the aid of hardcoded smart contracts to reduce the inefficiencies of traditional financial intermediaries.
DeFiLlama data shows that Grim Finance had at least $100 million locked in the system as investors kept pouring in due to the potential of higher yields as well as the seamless staking process. There had been no record of a security breach till this weekend.
In continuation of their thread, the firm disclosed the technique used by the hackers. Grim Finance confirmed that the criminals utilized a commonplace Solidity hack, the programming language that the Fantom Opera blockchain is built on. The technique identified as “re-entry” enables cybercriminals to take control of assets held by contracts they have compromised. In this instance, the hackers could take control of the assets stored in the Grim Vaults.
As stated previously, the protocol lost at least $30 million worth of tokens in the attack; this is according to records from Fantom blockchain explorers. The tokens have been traced to various DEX platforms, and in certain cases, they have been swapped for stablecoins like USDC.
The firm stated that they had put all vaults on hold to prevent further exposure of investor capital. Grim Finance also advised users to pull out their funds immediately to avoid losing them. All crypto companies involved have also been contacted to prevent the criminals from moving any more tokens. Fantom token is currently down nearly 7% today.
The Neverending Plague Of Cyber Attacks
The DeFi space, along with NFTs and the metaverse, has seen a lot of growth this year. Criminal elements who want to get their hands on the large amounts held in this space have also noticed this growth.
This year alone, there have been at least 200 recorded attacks on crypto protocols. December alone has seen three high-profile hacks that have led to the loss of over $300 million combined before this attack. BadgerDAO was first then AscendEx, formerly Bitmax, before crypto gaming platform Vulcan Forged admitted to 96 wallets being compromised. Due to the risks, investors have been warned to do adequate research before opting into these projects.