BanklessTimes
Home News Grim future: Grim Finance loses $40M in hack, token crashes

Grim future: Grim Finance loses $40M in hack, token crashes

Daniela Kirova
Daniela Kirova
Daniela Kirova
Author:
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
January 31st, 2023

The smart investors who’ve made fortunes off crypto may be just as many as the hackers who’ve become equally wealthy. Over the past year, cybercriminals have made off with billions of dollars in digital currency by tapping the vulnerabilities of cryptocurrency exchanges that have been established over time. Crypto and illegal activities are a match made in hell regardless of the crypto market’s capitalization, AMB Crypto wrote.

Grim confirms losses

Grim Finance, a Smart Yield Optimizer Platform running on Fantom Opera, is all over the news, but unfortunately these aren’t good for Grim or its community. Grim has become the latest victim to a massive hack, in which around $40 million was lost. The team confirmed the hack on Twitter:

Hello Grim Community, it is with heavy hearts that we inform you our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars’ worth of theft here.

The team added that the attack had been advanced. It was carried out using the function titled beforeDeposit() from the exchange’s vault strategy, entering a malicious token contract. Subsequently, the Grim team presented a brief analysis of the attack:

The malicious token contract can start 5 reentrancy loops from safeTransferFrom(), where in all 5 reentrancies, the _pool value is set to the current balance(). On the last safeTransferFrom(), the reentrancy loop is broken, and some can be transferred to the strategy.

The Grim future

Grim paused all vaults to prevent further attacks, although it’s too late by many accounts. Some vaults will be activated again so users can remove their funds. The big problem is that the exploit occurred in the vault contract. In other words, all funds deposited remain at risk.

The team took note of this and put out an alert to notify Circle, DAI, and AnySwap of the attacker’s address to block any additional fund transfers. A large number of projects, including Tomb, Beefy, FTM Alerts, and SpiritSwap, expressed their support for Grim. Unfortunately…

The damage is done

Support or no support, this is an indisputable fact. Grim Finance and its native token RIPPER lost 70% in the last 24 hours. At the time of writing, REAPER was trading at $0.0127 after the major setback. Will it reverse its losses? Only time will tell. At any rate, Grim will have to compensate the affected users.

Contributors

Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.