By Shelly Melancon (Switzerland)
It was a sad weekend for the DeFi industry as another DeFi was hacked, with the attackers making away with $35m.
Users Should Withdraw Their Funds Immediately – Grim
On Sunday, DeFi protocol, Grim finance, issued an official statement notifying its users that the platform had been hacked and $35m worth of virtual assets was lost to the attackers. The statement further revealed that the hacker exploited the project’s smart contract to carry out the attack.
It also advised users to withdraw their funds as the vaults are paused. “The whole vaults are now paused to avoid risking the remaining funds. So, withdraw your funds now.” The project is a self-acclaimed “compound yielding optimizer” using composite vault techniques to boost yields from liquidity provider tokens.
Highlights Of The Attack And The Blame On Grim
Some sixty minutes before executing the attack, the hacker used tornado cash to pre-fund the protocol’s Ethereum and BSC wallets. Thus, the funds’ source can’t be traced because of a break in the on-chain that links sender to receiver. Then, he converted the stolen funds to Ethereum from the Fantom network where Grim is built. Lastly, he converted the funds to USDC and DAI.
The attacker outsmarted the protocol by creating several false deposits in a vault even though a previous transaction wasn’t concluded yet. Many crypto security experts, notably rufdoc.io, blamed Grim for the attack. They opined that this attack was a preventable one. According to RugDoc.io, installing a reentrancy guard would have prevented the attack from happening.
Also read:RugDoc further states that “this attack should serve as a lesson for other projects, especially the need to have solidity dev experts on the team. Without them, building multi-billion dollar projects would be a futile effort in the long term. Also, projects need to know that there is more to the security of a project than getting a security site audit which is gradually becoming useless.” Furthermore, RugDoc claims that an important security tip for DeFi projects is to prevent users from having a choice for depositing tokens.
Moving Forward
On mitigating the losses, Grim disclosed that it had informed USDC issuer (Circle), Anyswap, and DAI to prevent moving the funds from their platforms. The protocol also said users would be allowed to use the share masonry vault to withdraw their funds before fund withdrawals are closed permanently.
Coingecko data stated that Grim’s native token dipped by 75% following the public notice of the attack; it dropped from $0.793 to $0.152. However, it has recovered slightly to now trade at $0.165 as of this writing. Even before the fall, Grim has struggled to reach its peak price of $1.83 set two months ago.
A DeFi rekt data TRM labs indicate that hackers have stolen more than $590m since the beginning of this month. Asides from Grim protocol, Vulcan forged (an NFT platform), Brinc finance (another DeFi protocol), AscendEx, and Bitmart (both crypto exchanges) have been victims of various DeFi hacks. The total amount lost across all these platforms is estimated to be over $590m.
At Tokenhell, we help over 5,000 crypto companies amplify their content reach—and you can join them! For inquiries, reach out to us at info@tokenhell.com. Please remember, cryptocurrencies are highly volatile assets. Always conduct thorough research before making any investment decisions. Some content on this website, including posts under Crypto Cable, Sponsored Articles, and Press Releases, is provided by guest contributors or paid sponsors. The views expressed in these posts do not necessarily represent the opinions of Tokenhell. We are not responsible for the accuracy, quality, or reliability of any third-party content, advertisements, products, or banners featured on this site. For more details, please review our full terms and conditions / disclaimer.