Another decentralized finance (DeFi) platform has fallen victim to a cyberattack, this time its Grim Finance. On Sunday, the Yield compounding tool had $30 million worth of fantom tokens siphoned off, the platform officially confirmed.
“The attackers’ address has been identified with over 30 million dollars worth of theft here,” Grim Finance developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk.”
Hello Grim Community,
It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
— Grim Finance (@financegrim) December 19, 2021
The developers detailed that the attack was an advanced one as the attacker exploited Grim’s vault strategy by entering a malicious token contract. It used five reentrancy loops to fake five deposits while the platform was still processing the first deposit.
As a measure of safety, the developers have paused all of the vaults to prevent any future funds from being placed at risk and have urged users to ‘IMMEDIATELY’ withdraw all funds.
“The exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk,” the developers detailed.
Moreover, they have contacted and notified USD Coin issuer Circle, AnySwap and Maker to block the hackers’ addresses and freeze the funds.
DeFi evolved from blockchain as the true challenger of the existing banking industry but remains vulnerable to cyber-attacks. Most recently Vulcan Forged, which is a crypto gaming ecosystem, lost $140 million and has already refunded most of the victims. Another platform Cream Finance suffered three attacks within the last few months, losing more than $192 million worth of cryptocurrencies.