An apparent security flaw in the Grim Finance protocol allowed the attacker to fake five additional deposits.
The decentralized finance (DeFi) protocol Grim Finance reported $30 million in losses due to a reentrancy exploit of the platform’s deposits.
Grim Finance officially announced on Saturday that an “external attacker” had exploited the DeFi platform, stealing “over $30 million” worth of cryptocurrencies.
According to Grim Finance, the hack was an “advanced attack,” with the attacker exploiting the protocol’s vault contract through five reentrancy loops, which allowed them to fake five additional deposits into a vault while the platform was processing the first deposit.
Grim paused all vaults after the attack to minimize the risk for future funds: “We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds immediately.”
Grim noted that it had also given the attacker’s address to the entities that operate major cryptocurrencies, such as Circle (USDC) and Dai (DAI), and to the cross-chain protocol AnySwap, so that they could freeze further fund transfers.
Grim Finance positions itself as a “compounding yield optimizer” built on a DeFi-focused blockchain protocol, Fantom, allowing users to stake liquidity provider tokens by employing complex vault strategies.
According to Fantom (FTM) blockchain explorer data, the Grim Finance Exploiter address continued transacting on Sunday. One of the addresses associated with the exploit holds $1.2 million in Bitcoin (BTC) and $1.7 million in SpookyToken (BOO), alongside $13,700 in FTM tokens.
Some in the crypto community suggested that Grim Finance should hold responsibility for the exploit due to failing to adopt proper reentrancy protection tools. DeFi security platform Rugdoc.io also argued that the protocol gave the user “more privilege than is necessary.”
5) So what was the big mistake of grim finance?
1. No reentrancy guard on a pattern that absolutely needs it (@0xPaladinSec always points this out)
2. Giving the user more privilege than is necessary: There is absolutely no need for the user to be able to choose the deposit token
Rugdoc.io (@RugDocIO), December 18, 2021
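The two mistakes named above, shown in a small Python model that is an added example and not Grim Finance's contract code. It assumes the vault credits a deposit from the change in its balance around a call into the caller-chosen token; that accounting detail and all names (Vault, deposit_for, CallbackToken, run) are hypothetical.

```python
# Toy model, constructed for illustration; not Grim Finance's contract code.
class ReentrancyError(Exception):
    pass

class Token:
    """Well-behaved token: moves the amount into the vault and returns."""
    def transfer_from(self, user, vault, amount):
        vault.balance += amount

class CallbackToken:
    """Test double for a caller-chosen 'token' that calls back into the vault."""
    def __init__(self, real, loops):
        self.real, self.loops = real, loops
    def transfer_from(self, user, vault, amount):
        self.loops -= 1
        inner = self if self.loops > 0 else self.real  # last loop uses the real token
        vault.deposit_for(user, inner, amount)

class Vault:
    def __init__(self, want, guarded=False, fixed_token=False):
        self.want, self.balance, self.shares = want, 0, {}
        self.guarded, self.fixed_token, self._entered = guarded, fixed_token, False

    def deposit_for(self, user, token, amount):
        if self.fixed_token and token is not self.want:
            raise ValueError("deposit token is not the vault's token")  # fix 2
        if self.guarded:
            if self._entered:
                raise ReentrancyError("reentrant deposit rejected")     # fix 1
            self._entered = True
        try:
            before = self.balance
            token.transfer_from(user, self, amount)  # external call before accounting
            credited = self.balance - before         # assumed balance-delta accounting
            self.shares[user] = self.shares.get(user, 0) + credited
        finally:
            self._entered = False

def run(guarded=False, fixed_token=False, loops=5, amount=100):
    """Return (outcome, tokens actually held, shares credited to the user)."""
    want = Token()
    vault = Vault(want, guarded, fixed_token)
    try:
        vault.deposit_for("user", CallbackToken(want, loops), amount)
    except (ReentrancyError, ValueError) as exc:
        return type(exc).__name__, vault.balance, vault.shares.get("user", 0)
    return "ok", vault.balance, vault.shares.get("user", 0)
```

With neither fix, run() reports 100 tokens held against 600 shares credited, one real deposit plus five fake ones; either fix alone rejects the call before any state changes.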
The rising popularity of DeFi has created a number of new challenges for the cryptocurrency industry, as hackers rush to exploit the flaws of the emerging sector. In early December, DeFi protocol BadgerDAO was reportedly exploited to the tune of $120 million.