DeFi protocol Grim Finance is revealing that hackers stole $30 million of user funds from the platform over the weekend.
What Happened: In a Twitter announcement on December 18, Grim Finance told users that it had identified the attackers' wallet address, which contained over $30 million worth of stolen funds.
Hello Grim Community,
— Grim Finance (@financegrim) December 19, 2021
It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
“This was an advanced attack,” noted the DeFi platform, explaining that the exploit was carried out using a malicious token contract which started 5 reentrancy loops. This allowed the hackers to fake five additional deposits into a vault while the platform is processing the first deposit.
“We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds IMMEDIATELY,” stated Grim Finance.
The platform said it has notified stablecoin issuers Circle (CRYPTO: USDC) and DAI, as well as the decentralized exchange AnySwap to potentially freeze fund transfers from the attackers' wallet address.
Grim Finance, built on the Fantom (CRYPTO: FTM) blockchain, lets users earn staking rewards and harvest yields through its Grim Vaults.
After the exploit, Total Value Locked (TVL) in the protocol fell from $98 million to $4.3 million as the majority of users likely withdrew their funds from the Vaults.
The rising popularity of DeFi has led to a growing number of similar attacks as hackers take advantage of flaws of the emerging industry.
Photo by NeONBRAND on Unsplash
