The smart investors who’ve made fortunes off crypto may be just as many as the hackers who’ve become equally wealthy. Over the past year, cybercriminals have made off with billions of dollars in digital currency by tapping the vulnerabilities of cryptocurrency exchanges that have been established over time. Crypto and illegal activities are a match made in hell regardless of the crypto market’s capitalization, AMB Crypto wrote.
Grim confirms losses
Grim Finance, a Smart Yield Optimizer Platform running on Fantom Opera, is all over the news, but unfortunately these aren’t good for Grim or its community. Grim has become the latest victim to a massive hack, in which around $40 million was lost. The team confirmed the hack on Twitter:
Hello Grim Community, it is with heavy hearts that we inform you our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars’ worth of theft here.
The team added that the attack had been advanced. It was carried out using the function titled beforeDeposit() from the exchange’s vault strategy, entering a malicious token contract. Subsequently, the Grim team presented a brief analysis of the attack:
The malicious token contract can start 5 reentrancy loops from safeTransferFrom(), where in all 5 reentrancies, the _pool value is set to the current balance(). On the last safeTransferFrom(), the reentrancy loop is broken, and some can be transferred to the strategy.
The Grim future
Grim paused all vaults to prevent further attacks, although it’s too late by many accounts. Some vaults will be activated again so users can remove their funds. The big problem is that the exploit occurred in the vault contract. In other words, all funds deposited remain at risk.
The team took note of this and put out an alert to notify Circle, DAI, and AnySwap of the attacker’s address to block any additional fund transfers. A large number of projects, including Tomb, Beefy, FTM Alerts, and SpiritSwap, expressed their support for Grim. Unfortunately…
The damage is done
Support or no support, this is an indisputable fact. Grim Finance and its native token RIPPER lost 70% in the last 24 hours. At the time of writing, REAPER was trading at $0.0127 after the major setback. Will it reverse its losses? Only time will tell. At any rate, Grim will have to compensate the affected users.
