Decentralized finance (DeFi) protocol Grim Finance has suffered from a reentrancy exploit, which saw the platform loose $30 million in assets, Grim Finance revealed via Twitter on 19 December.
According to the announcement, the hacker used an “advanced attack” to exploit the protocol’s vault contract using five reentrancy loops, which allowed him to make five deposits into a vault while the platform was processing the first deposit. Upon discovering the attack, Grim Finance quickly paused all of its vaults to prevent further damages, but the attacker’s address already had over $30 million worth of stolen assets. The platform tweeted on Sunday:
The platform — which allows users to stake liquidity provider tokens on the Fantom blockchain — advised users to withdraw all of their assets “immediately”. It has also notified major crypto players — such as USD Coin (USDC) Circle, Maker DAO, and AnySwap — regarding the exploit, and requested that any assets related to the hack be frozen.
According to data from analytics tool DeFiLlama, the project had attracted around $100 million in total value locked (TVL) prior to the attack, which caused an exodus and left the project with just over $4 million in TVL. Such an occurrence is not strange in the DeFi world as shown by Vee Finance, which back in September lost $35 million worth of assets on an exploit, that saw its TVL crash from almost $130 million to $7 million currently.