Grim Finance Hacked for $30 Million in Fantom Tokens

In short

  • Grim Finance is a “compounding yield optimizer” constructed on the Fantom Opera blockchain.
  • It was the goal of a multimillion greenback exploit Saturday.

What? Did you count on one thing named “Grim” to ship good information?

The DeFi protocol was hacked for $30 million price of tokens Saturday, Grim Finance confirmed, in an “superior assault.” Based on a tweet from Grim Finance, “The exploit was discovered within the vault contract so all the vaults and deposited funds are at present in danger.”

Grim calls itself a “compounding yield optimizer,” that means it guarantees to wring further worth on liquidity supplier tokens customers obtain from decentralized exchanges in the event that they lock them up right into a Grim vault. As Grim places it in its protocol documentation, “Serving to customers reap extra rewards, hassle-free.”

The protocol is constructed atop the Fantom Opera blockchain, a sensible contract-enabled platform that’s constructed utilizing the Solidity language and is appropriate with Ethereum. The hacker used a reentrancy assault, which is an exploit that permits somebody to faux extra deposits right into a vault whereas an preliminary transaction remains to be going, thereby tricking the protocol. 

“We’ve got contacted and notified Circle (USDC), DAI, and AnySwap concerning the attacker handle to probably freeze any additional fund transfers,” Grim tweeted, however the attacker has already been busy laundering the ill-gotten funds via stablecoin transfers., a DeFi watchdog group of sensible contract auditors and traders, says Grim Finance ought to have identified higher and used a reentrancy guard.

“Hopefully all initiatives can draw classes from this incident that there’s a lot data most skilled solidity devs have at hand,” it wrote. “If you have not acquired this but, do not construct multi-million greenback initiatives. Do not get audits from corporations which everybody is aware of are ineffective.”

Grim touted an audit of its finance token and vault contracts from Solidity Finance. Based on Solidity Finance’s report, “ReentrancyGuard is utilized in related areas to preent [sic] reentrancy assaults.”

As of Sunday, deposits into all Grim Finance vaults stay paused to forestall additional theft.

Source link