In an unfortunate incident, around $30 million worth of fantom tokens got stolen from Grim Finance due to an exploit yesterday. Following that, the protocol has taken measures to curb the damages.
In a tweet from Grim Finance’s account, they stated:
“We inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers’ address has been identified with over 30 million dollars worth of theft here.”
In a separate tweet, they added:
“The exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk.”
Grim Finance allows users to stake their liquidity pool tokens in its Grim Vaults. Through this, users can automatically receive their harvested yields and re-stake rewards via strategies.
Also, liquidity pool tokens are provided to decentralized exchange users who supply their own liquidity. In exchange, they receive a token reward from the platform.
Grim Finance had simplified the concept of staking and harvesting increased yields. Due to this, the project received over $100 in user funds.
According to DeFiLlama, Grim Finance now has only $3.9 million in Total Value Locked (TVL), unfortunately.
Exploiters used “reentrancy” exploit for stealing funds from the protocol. Through this, attackers manipulate the data via interaction with the network. They call in an untrusted contact, gaining control over the assets whenever they exploit a contract.
However, this time, they attacked Grim Finance’s yield-compounding vaults. They stole nearly $30 million worth of fantom tokens. The attackers swapped them for other tokens such as USDC.
As of now, developers have paused all vaults to prevent further damages.