The decentralized finance (DeFi) protocol Grim Finance reported losses of $30 million due to a reentrancy exploit targeting the platform’s deposits.
Grim Finance officially announced on December 18 that an “external attacker” had exploited the DeFi platform, stealing “more than $30 million” in cryptocurrency.
According to Grim Finance, the hack was an “advanced attack”: the attacker exploited the protocol’s vault contract through five reentrancy loops, which let them simulate five additional deposits into a vault while the platform was still processing the first deposit.
Grim suspended all vaults after the attack to limit the risk to further funds: “We have suspended all safes to prevent future funds from being endangered, please withdraw all your funds immediately.”
Grim noted that it had also given the attacker’s address to the entities behind major cryptocurrencies involved in the exploit, such as Circle (USDC), DAI and the AnySwap cross-chain protocol, in order to freeze further transfers of funds.
Grim Finance positions itself as a ‘compound return optimizer’ built on Fantom, a DeFi-focused blockchain protocol, allowing users to stake liquidity provider tokens using complex vault strategies.
According to data from the Fantom (FTM) blockchain explorer, transactions associated with the Grim Finance exploit continued on December 19. One of the addresses associated with the exploit holds $1.2 million in Bitcoin (BTC), $1.7 million in SpookyToken (BOO) and $13,700 in FTM tokens.
Some in the crypto community have suggested that Grim Finance should take responsibility for the exploit because it failed to adopt proper reentrancy protection. DeFi security platform Rugdoc.io also argued that the protocol granted the user “more privileges than necessary.”
5) So what was Grim Finance's big mistake?
1. No reentrancy guard on a function that absolutely needs it (@0xPaladinSec always points this out)
2. Giving the user more privileges than necessary: There is absolutely no need for the user to be able to choose the deposit token.
– Rugdoc.io (@RugDocIO) December 18, 2021
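The two fixes named in the Rugdoc.io thread above, a reentrancy guard and a deposit token the caller cannot choose, shown on a toy Python model. This is an added example, not Grim Finance's contract code; the class names, the balance-delta share accounting and the sample amounts are assumptions made for illustration.

```python
class ReentrancyError(Exception): pass

class Token:  # plain token: moves balances, makes no callbacks
    def __init__(self):
        self.balances = {}
    def transfer_from(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class Vault:
    """Toy vault; crediting by balance delta is an assumption of this model."""
    def __init__(self, want, guard=False, fixed_token=False):
        self.want, self.guard, self.fixed_token = want, guard, fixed_token
        self.shares, self._entered = {}, False
    def balance(self):
        return self.want.balances.get(self, 0)
    def deposit(self, token, amount, user):
        if self.fixed_token and token is not self.want:
            raise ValueError("unsupported deposit token")  # fix 2: no caller-chosen token
        if self.guard and self._entered:
            raise ReentrancyError("deposit re-entered")    # fix 1: reentrancy guard
        self._entered = True
        try:
            before = self.balance()
            token.transfer_from(user, self, amount)  # external call, may call back
            self.shares[user] = self.shares.get(user, 0) + self.balance() - before
        finally:
            self._entered = False

class CallbackToken:
    """Constructed test double: its transfer hook calls back into deposit()."""
    def __init__(self, vault, want, reentries):
        self.vault, self.want, self.left = vault, want, reentries
    def transfer_from(self, src, dst, amount):
        self.left -= 1
        nxt = self if self.left > 0 else self.want  # last nested call is a real deposit
        self.vault.deposit(nxt, amount, src)

def run(guard, fixed_token, reentries=5, amount=100):
    want = Token()
    want.balances["user"] = amount  # constructed sample balance
    vault = Vault(want, guard, fixed_token)
    try:
        vault.deposit(CallbackToken(vault, want, reentries), amount, "user")
        outcome = "accepted"
    except (ReentrancyError, ValueError) as exc:
        outcome = type(exc).__name__
    return outcome, vault.shares.get("user", 0), vault.balance()
```

`run()` returns the outcome, the shares credited and the tokens the vault actually holds. With both fixes off, shares exceed the real balance; either fix alone rejects the call before any shares are credited.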
The growing popularity of DeFi has created a number of new challenges for the cryptocurrency industry as hackers rush to exploit loopholes in the emerging sector. At the beginning of December, the DeFi protocol BadgerDAO was reportedly exploited to the tune of $120 million.