Hackers hacked the DeFi Grim Finance protocol and withdrew $30 million in tokens

Briefly:

  • Another major hacker attack has made the news
  • This time the Grim Finance DeFi protocol was hit
  • Attackers managed to steal Fantom tokens in the amount of million

DeFi protocol Grim Finance reported a hacker attack on Sunday. According to the team’s tweet, the attackers exploited the first deposit contract, so all accounts are now at risk. The company has suspended deposits and asked users to withdraw their assets.

1/1

Grim Finance vaults were exploited today by unknown 3rd party.

Exploiter address: https://t.co/qA3iBTSepb

The team is working on an article on what happened and what’s to follow, can only ask for your patience.

– Grim Finance (@financegrim) December 19, 2000

Grim calls itself a “profitable farming optimizer”. It promises additional income from placing tokens on various decentralized exchanges. The funds locked in the Grim vaults are now at risk.

The protocol is based on the Fantom Opera blockchain, a smart contract platform that uses the Solidity language. The attacker used a reentrancy (re-entry) attack on the beforeDeposit options. It allows deposits to be forged during the first transaction, thereby violating the protocol.

In a tweet, the company announced that it had contacted its partners at Circle (USDC), DAI and AnySwap and provided the attacker’s address so that any further transfers of funds could be blocked.

Hello Grim Community,

It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker's address has been identified with over 200 million dollars worth of theft here https://t.co/qA3iBTSepb


— Grim Finance (@financegrim) December 18, 2021


Another confirmation of the DeFi vulnerability

Smart contract auditors from the Rugdoc.io group commented on the situation. They point out that Grim Finance should have been better prepared to defend against such attacks.

5) So what was the big mistake of grim finance?

1. No reentrancy guard on a pattern that absolutely needs it (@0xPaladinSec always points this out)

2. Giving the user more privilege than is necessary: There is absolutely no need for the user to be able to choose the deposit token

– Rugdoc.io (@RugDocIO) December 10, 2021
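
The two mistakes named above, a missing reentrancy guard and a caller-chosen deposit token, are shown here beside a corrected deposit function. This is an added example, not Grim Finance's or Rugdoc's code. The contract and function names are hypothetical, and it assumes a vault that credits deposits by measuring its token balance before and after the transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration with hypothetical names; not Grim Finance's contract code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Weak pattern, for comparison only (assumed shape, kept as a comment):
//   function depositFor(address token, uint256 amount) external {
//       uint256 pool = balance();
//       IERC20(token).transferFrom(msg.sender, address(this), amount);
//       ...credit shares from balance() - pool...
//   }
// `token` is caller-chosen, so its transferFrom can call back into the vault
// before the balance is re-read; nothing rejects the nested call.

contract GuardedVault {
    IERC20 public immutable want; // deposit token fixed at deployment, never caller-chosen
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    bool private locked;

    constructor(IERC20 _want) {
        want = _want;
    }

    // Reverts any call that arrives while a guarded function is still executing.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit(uint256 amount) external nonReentrant {
        require(amount > 0, "zero deposit");
        uint256 pool = want.balanceOf(address(this));
        require(want.transferFrom(msg.sender, address(this), amount), "transfer failed");
        // Credit only what actually arrived, measured on the fixed token.
        uint256 received = want.balanceOf(address(this)) - pool;
        uint256 minted = totalShares == 0 ? received : (received * totalShares) / pool;
        shares[msg.sender] += minted;
        totalShares += minted;
    }
}
```

In a production contract the hand-written modifier would normally be replaced by an audited library guard; it is written out here so the block compiles without imports.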

“Hopefully all projects will learn from this incident and that the Solidity developers have the knowledge to handle this. If you do not have experience yet, then do not build multi-million dollar projects.”

6) Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand. If you haven’t acquired this yet, don’t build multi-million dollar projects. Don’t get audits from companies which everyone knows are useless.

– Rugdoc.io (@RugDocIO) December 18, 20140

Theft on decentralized platforms has become widespread. Analysts at Crystal Blockchain Research give a specific figure: to date, the DeFi sector has lost $1.6 billion.
