$30 mln stolen from DeFi platform Grim Finance

e_abrams

Dec 11, 2020
Over 30 million USD were reported to have been stolen from the decentralized finance (DeFi) protocol Grim Finance, after hackers have exploited a vulnerability in the platform.

The attack happened a week after the Singapore-based crypto exchange AscendEX was hacked for some 77 million USD.

According to a tweet by Grim Finance, we are talking about “an advanced attack”, where hackers exploited the platform’s vault contract through five reentrancy loops, which allowed them to fake five additional deposits into the vault while the DeFi platform was still processing the first deposit.

Grim Finance advises all users to withdraw their funds immediately. “We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds immediately”, the DeFi platform tweeted on Sunday, adding that “the attackers’ address has been identified with over 30 million dollars worth of theft here. The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”

Grim Finance also say that they have contacted the operators of some crypto coins like Circle (USDC) and Dai, as well as the cross-chain protocol AnySwap, informing them of the hackers’ address so that further transfers of funds can be frozen.

Solidity Finance, a DeFi auditing company which assessed the security of Grim Finance just four months ago, issued an apology saying that the attack was possible because of “the ability of users to input arbitrary addresses and have them called within the depositFor function”, elaborating further that “via reentrancy, the issue allowed users to falsely increase their shares in Grim’s vaults and subsequently withdraw more than they had deposited”.

Solidity Finance also said that the vulnerability was missed by “a new analyst” while the company’s Chief Technology Officer was on a holiday trip. “This audit was performed by an analyst who was new to the team… unfortunately this issue was not caught in our peer review process”, the auditing firm said.

Grim Finance says it operates as a “compounding yield optimizer”, built on the decentralized finance (DeFi) blockchain protocol Fantom, which allows its users to stake liquidity pool tokens in vaults, harvest yields and re-stake rewards.

According to Fantom (FTM) Blockchain Explorer data, one of the addresses associated with the hack was holding 1.2 million USD in Bitcoins, 1.7 million USD in SpookyTokens and 13,700 USD in FTM tokens.

Before the attack the total amount of funds on the Grim Finance platform exceeded 100 million USD.

In August a hacker behind one of the largest crypto thefts in history, which robbed Poly Network users of more than 600 million USD, said it had all been done “for fun” and returned about half of the stolen funds.
Every time I hear about something like that I wonder what it would be like if banks got hacked like that every other day the way crypto exchanges are. The crypto industry has an issue with security and until that is fixed it will never be fully accepted in the mainstream.
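The mechanism the article and the auditor describe, as an added illustration and not Grim Finance's contract or any audited code: a vault snapshots its balance, calls a caller-supplied token address, then mints shares for whatever balance it gained, so a token that re-enters the deposit makes every nested call mint shares for the same single transfer. The `Vault`, `Token`, `ReenteringToken` and `run_scenario` names and the balances are constructed for this model; the guarded variant shows the standard nonReentrant-style lock.

```python
class Token:  # minimal ERC-20-like ledger standing in for the vault's real deposit token
    def __init__(self, balances):
        self.balances = dict(balances)
    def balance_of(self, who):
        return self.balances.get(who, 0)
    def transfer_from(self, src, dst, amount):
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount
class Vault:
    def __init__(self, want, guarded):
        self.want, self.guarded = want, guarded  # 'want': the one token the vault should hold
        self.total_shares, self.shares, self.locked = 0, {}, False
    def deposit_for(self, token, amount, user):
        # Flaw modelled: caller-chosen 'token' is called before shares are minted, so a
        # nested call sees the same pre-deposit snapshot and mints again for the same gain.
        if self.guarded and self.locked:  # nonReentrant-style lock; the other fix is to
            raise RuntimeError("deposit_for re-entered")  # ignore 'token' and call self.want
        self.locked = True
        try:
            pool = self.want.balance_of(self)
            token.transfer_from(user, self, amount)  # untrusted external call
            gained = self.want.balance_of(self) - pool
            minted = gained if self.total_shares == 0 else gained * self.total_shares // pool
            self.total_shares += minted
            self.shares[user] = self.shares.get(user, 0) + minted
            return minted
        finally:
            self.locked = False
class ReenteringToken:  # attacker-supplied 'token': re-enters `loops` times, then pays once
    def __init__(self, vault, real, loops):
        self.vault, self.real, self.loops = vault, real, loops
    def transfer_from(self, src, dst, amount):
        if self.loops:
            self.loops -= 1
            self.vault.deposit_for(self, amount, src)
        else:
            self.real.transfer_from(src, dst, amount)
def value_of(vault, user):  # what a user's shares would redeem for right now
    return vault.shares.get(user, 0) * vault.want.balance_of(vault) // vault.total_shares
def run_scenario(guarded):
    """Honest user deposits 1000; attacker deposits 100 via a token that re-enters 5 times.
    Returns (attacker shares or 'blocked', attacker redeemable value, honest redeemable value)."""
    want = Token({"honest": 1000, "attacker": 100})  # constructed balances
    vault = Vault(want, guarded)
    vault.deposit_for(want, 1000, "honest")
    try:
        vault.deposit_for(ReenteringToken(vault, want, 5), 100, "attacker")
    except RuntimeError:
        return "blocked", value_of(vault, "attacker"), value_of(vault, "honest")
    return vault.shares["attacker"], value_of(vault, "attacker"), value_of(vault, "honest")
```

In the unguarded run the single 100-token transfer is credited six times, so the attacker's shares redeem for 478 while the honest depositor's 1000 shrinks to 621; with the lock the nested call is rejected and nothing moves.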