An apparent security flaw in the Grim Finance protocol allowed the attacker to fake 5 extra deposits.
The decentralized finance (DeFi) protocol Grim Finance reported $30 million in losses because of a reentrancy exploit of the platform’s deposits.
Grim Finance officially announced on Saturday that an “external attacker” had exploited the DeFi platform, stealing “over $30 million” worth of cryptocurrencies.
According to Grim Finance, the hack was an “advanced attack,” with the attacker exploiting the protocol’s vault contract through 5 reentrancy loops, which allowed them to fake 5 extra deposits into a vault while the platform was still processing the first deposit.
Grim paused all vaults after the attack to reduce the risk to future funds: “We have paused all of the vaults to forestall any future funds from being placed in danger, please withdraw all of your funds at once.”
Grim noted that it also notified entities involved in operating major cryptocurrencies, such as Circle (USDC), Dai (DAI) and the cross-chain protocol AnySwap, of the attacker's address so that further fund transfers could be frozen.
Grim Finance positions itself as a “compounding yield optimizer” built on Fantom, a DeFi-focused blockchain protocol, allowing users to stake liquidity provider tokens using complex vault strategies.
According to Fantom (FTM) blockchain data, the Grim Finance user continued transacting on Sunday. One of the addresses associated with the exploit holds $1.2 million in Bitcoin (BTC) and $1.7 million in SpookyToken (BOO), alongside $13,700 in FTM tokens.
Some in the crypto community suggested that Grim Finance should bear responsibility for the exploit because it failed to adopt proper reentrancy protection tools. DeFi security platform Rugdoc.io also argued that the protocol gave the user “more privilege than is critical.”
(Helen Partz, Cointelegraph, 2021)
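A minimal Python model of the accounting failure described above, added here as an illustration and not taken from Grim Finance's contracts. It assumes the vault credits a deposit from the balance change it observes around an external transfer call that the caller controls, and it shows a reentrancy lock rejecting the nested calls. The names `Vault`, `reentrant_transfer` and `simulate` are hypothetical.

```python
class Vault:
    """Toy vault (assumed design): credits the balance increase seen across the transfer."""

    def __init__(self, guarded):
        self.guarded = guarded   # True = reentrancy lock enabled
        self.locked = False
        self.balance = 0         # assets the vault actually holds
        self.credited = {}       # user -> amount the vault believes was deposited

    def deposit(self, user, amount, transfer):
        if self.guarded:
            if self.locked:
                raise RuntimeError("reentrant call rejected")
            self.locked = True
        try:
            before = self.balance
            transfer(self, user, amount)  # external call made before accounting is settled
            gained = self.balance - before
            self.credited[user] = self.credited.get(user, 0) + gained
        finally:
            if self.guarded:
                self.locked = False


def reentrant_transfer(loops):
    """Constructed callback: re-enters deposit() `loops` times before funds move once."""
    state = {"depth": 0}

    def transfer(vault, user, amount):
        if state["depth"] < loops:
            state["depth"] += 1
            vault.deposit(user, amount, transfer)  # nested deposit while the outer one is mid-flight
        else:
            vault.balance += amount                # only the innermost call moves real funds
    return transfer


def simulate(guarded, loops=5, amount=100):
    """Return (amount credited to the caller, assets really held by the vault)."""
    vault = Vault(guarded)
    try:
        vault.deposit("caller", amount, reentrant_transfer(loops))
    except RuntimeError:
        pass  # on-chain, the whole transaction would revert here
    return vault.credited.get("caller", 0), vault.balance


if __name__ == "__main__":
    print("unguarded:", simulate(guarded=False))  # 1 real deposit credited 6 times
    print("guarded:  ", simulate(guarded=True))   # nested call rejected, nothing credited
```

Without the lock, every nested frame sees the same "before" balance, so one real transfer is counted once per frame. With the lock, the first nested call fails and an ordinary deposit (`loops=0`) is unaffected.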