Grim Finance hacked – $30 million worth of tokens stolen

According to Grim Finance, it was an “advanced attack” in which hackers exploited a flaw in the vault contract.

Grim Finance, a DeFi protocol and Smart Yield Optimizer Platform, has announced that the platform was hacked on Saturday the 18th in an “advanced attack” that allowed hackers to steal over $30 million worth of Fantom tokens.

In a series of tweets, Grim Finance explained that the attack was possible because unknown attackers exploited a flaw in its vault contract. As a result, the platform has paused all the vaults to avoid further damage, as deposited funds are currently at risk.

“The attacker attacked using the function titled beforeDeposit() from our vault strategy entering a malicious token contract,” the Grim team said.

The malicious token contract can start 5 reentrancy loops from safeTransferFrom(), where in all 5 reentrancies, the _pool value is set to the current balance(). On the last safeTransferFrom(), the reentrancy loop is broken, and some want can be transferred to the strategy,

— Grim Finance (@financegrim) December 19, 2021
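The accounting problem described in the tweets, as an added Python model (not Grim Finance's contract code) that compares the unprotected deposit path with two mitigations: a reentrancy lock and a check that the token is the vault's own want token. The class and function names, the caller-supplied token argument and the 1:1 share minting are assumptions made for illustration.

```python
# Constructed model, not Grim Finance's contract code. Assumed: shares are minted
# 1:1 from the balance() change measured around a transfer on a caller-supplied token.
class ReentrancyError(Exception):
    pass

class Vault:
    def __init__(self, lock=False, allowed=None):
        self.lock, self.allowed = lock, allowed   # the two mitigations under test
        self.locked, self.shares = False, {}
        self.want_balance = 0                     # what balance() reports

    def balance(self):
        return self.want_balance

    def deposit_for(self, token, amount, user):
        if self.lock and self.locked:
            raise ReentrancyError("nested deposit rejected")
        if self.allowed is not None and token is not self.allowed:
            raise ValueError("token is not the vault's want token")
        self.locked = True
        try:
            pool = self.balance()                         # _pool snapshot
            token.safe_transfer_from(user, self, amount)  # external call, may re-enter
            minted = self.balance() - pool                # stale in every nested frame
            self.shares[user] = self.shares.get(user, 0) + minted
        finally:
            self.locked = False

class WantToken:
    def safe_transfer_from(self, sender, vault, amount):
        vault.want_balance += amount                      # honest transfer

class ReenteringToken:
    """Stand-in for an untrusted token whose transfer hook calls the vault again."""
    def __init__(self, reentries):
        self.reentries = reentries
    def safe_transfer_from(self, sender, vault, amount):
        if self.reentries > 0:
            self.reentries -= 1
            vault.deposit_for(self, amount, sender)       # re-enter before outer frame ends
        else:
            vault.want_balance += amount                  # loop broken: want arrives once

def credited(vault, token, amount=100, user="depositor"):
    """Shares credited for one deposit of `amount`, or the name of the rejection."""
    try:
        vault.deposit_for(token, amount, user)
    except (ReentrancyError, ValueError) as exc:
        return type(exc).__name__
    return vault.shares[user]
```

In the unprotected model a single deposit of 100 is credited once per open call frame (600 with five reentries); either mitigation alone rejects the call, and an honest deposit through the protected vault is credited exactly once.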

Although all vaults have been paused, Grim Finance is allowing users to

Read More: https://www.hackread.com/grim-finance-hacked-30-million-stolen/