Grim Finance, a decentralized finance (DeFi) protocol, reported $30 million in losses due to a reentrancy exploit of the platform’s deposits.
Grim Finance announced on December 18 that an “external attacker” had exploited the DeFi platform, stealing “over $30 million” in cryptocurrencies.
According to Grim Finance, the hack was an “advanced attack,” with the attacker exploiting the protocol’s vault contract through five reentrancy loops, allowing them to make five more deposits into a vault while the platform processed the first.
“We have paused all vaults to prevent any future funds from being placed at risk; please withdraw all of your funds immediately,” Grim said following the attack.
Grim stated that they informed all parties involved
Grim also stated that they notified entities involved in the operation of major cryptocurrencies such as Circle (USDC), DAI, and the cross-chain protocol AnySwap about the attacker address in order to prevent further fund transfers.
Grim Finance bills itself as a “compounding yield optimizer” based on Fantom, a DeFi-focused blockchain protocol that allows users to stake liquidity provider tokens using complex vault strategies.
The Grim Finance exploiter continued to transact on December 19, according to Fantom (FTM) blockchain explorer data. One of the addresses linked to the exploit holds $1.2 million in Bitcoin (BTC), $1.7 million in SpookyToken (BOO), and $13,700 in FTM tokens.
Some in the crypto community believe Grim Finance should be held accountable for the exploit because it failed to implement proper reentrancy protection tools. Rugdoc.io, a DeFi security platform, also claimed that the protocol granted the user “more privilege than is required.”
1) The culprit? A before-after pattern without reentrancy guard. This is a big no-no.
Read the following posts for the full explanation. pic.twitter.com/y4aPkLJHfU
— Rugdoc.io (@RugDocIO) December 18, 2021
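The before-after pattern named in the tweet, and the five extra deposits described earlier, shown as a simplified Python model added here (it is not Grim Finance's contract code). The `Vault` class, the `reentering_transfer` test fixture, how the callback is reached, and all amounts are constructed assumptions; the model runs the same deposit logic with and without a reentrancy lock.

```python
class ReentrancyError(Exception):
    """Raised by the guarded vault when deposit() is entered twice."""

class Vault:
    """Toy vault that credits shares from a before/after balance difference."""
    def __init__(self, guarded):
        self.guarded = guarded    # True = apply a reentrancy lock
        self.locked = False
        self.balance = 0          # tokens the vault actually holds
        self.shares = {}          # depositor -> credited shares

    def deposit(self, user, amount, transfer):
        if self.guarded:
            if self.locked:
                raise ReentrancyError("deposit re-entered")
            self.locked = True
        try:
            before = self.balance
            transfer(self, amount)              # external call: may call back in
            credited = self.balance - before    # the "after minus before" step
            self.shares[user] = self.shares.get(user, 0) + credited
        finally:
            if self.guarded:
                self.locked = False

def reentering_transfer(user, real_amount, depth):
    """Constructed test fixture: a transfer hook that calls deposit() again
    `depth` times before any tokens actually move."""
    def transfer(vault, amount):
        nonlocal depth
        if depth > 0:
            depth -= 1
            vault.deposit(user, amount, transfer)  # nested call sees the old balance
        else:
            vault.balance += real_amount           # only the innermost call pays
    return transfer

def simulate(guarded, depth=5, amount=100):
    """Return (shares credited, tokens held) after one deposit with `depth` re-entries."""
    vault = Vault(guarded)
    try:
        vault.deposit("tester", amount, reentering_transfer("tester", amount, depth))
    except ReentrancyError:
        pass  # on-chain, the whole transaction would revert here
    return vault.shares.get("tester", 0), vault.balance

if __name__ == "__main__":
    print("unguarded:", simulate(False))  # shares exceed tokens held
    print("guarded:  ", simulate(True))   # re-entry rejected, nothing credited
```

In the unguarded run every nested call records the same starting balance, so each one credits the single real transfer again; the lock makes the first nested call fail instead.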
As hackers rushed to exploit the flaws of the emerging industry, the rising popularity of DeFi triggered a slew of new challenges for the cryptocurrency industry. BadgerDAO, a DeFi protocol, was reportedly exploited to the tune of $120 million in early December.