Grim Finance, a Decentralized Finance (DeFi) agreement, reported that it lost $30 million due to the re-entry utilization of platform deposits.

Grim Finance official Announce On December 18, an “external attacker” used the DeFi platform to steal cryptocurrency worth “over 30 million US dollars”.

According to Grim Finance, this hack is an “advanced attack” in which the attackers passed five vault contracts that reenter the recycling protocol, which allowed them to forge the other five deposits to the vault when the platform processed the first deposit. middle.

Grim suspended all vaults after the attack to minimize the risk of future funds: “We have suspended all vaults to prevent any future funds from being at risk. Please withdraw all funds immediately.”

Grim pointed out that they also notified entities involved in operating major cryptocurrencies, such as Circle (USDC), DAI and AnySwap, a cross-chain protocol on the attacker’s address, to freeze further fund transfers.

Grim Finance positions itself as a “compound income optimizer” based on the DeFi-focused blockchain protocol Fantom, allowing users to mortgage liquidity providers’ tokens by adopting complex vault strategies.

According to Fantom (FTM) Blockchain Explorer data, Grim Finance Exploiter continue Trading on December 19. One of the addresses associated with the exploit holds $1.2 million in Bitcoin (Bitcoin), $1.7 million in SpookyToken (BOO) and $13,700 in FTM tokens.

Some in the crypto community suggested that Grim Finance should be held responsible for the vulnerability due to failure to adopt appropriate reentrant protection tools. DeFi security platform Rugdoc.io also argued that the agreement provides users with “privileges beyond necessary.”

5) What is the biggest mistake of the severe financial industry?
1. There is no reentrant protection for absolutely necessary patterns (@0xPaladinSec Always point this out)
2. Give users unnecessary privileges: Users absolutely do not need to be able to choose deposit tokens

-Rugdoc.io (@RugDocIO) December 18, 2021

related: Redefining finance: From November 26 to December, two DeFi hackers exceeded 120 million U.S. dollars, and the 500 million U.S. dollar Algo Fund was launched. 3

As hackers are eager to take advantage of the flaws in emerging industries, the growing popularity of DeFi has brought many new challenges to the cryptocurrency industry. In early December, it was reported that the DeFi protocol BadgerDAO $120 million was exploited.