Advertisement
Advertisement

Withdraw All Your Funds Now, Grime Finance Tells Users After $30m Hack

By:
Tim Alper
Updated: Dec 20, 2021, 15:55 GMT+00:00

%%excerpt%% Grim Finance admitting over the weekend that it had been hit by a series of hacks worth some $30 million, following a larger hack on the BadgerDAO protocol earlier in December.

Wanted,Hackers,Coding,Virus,Ransomware,Using,Laptops,And,Computers.,Cyber

The platform’s operators posted on Twitter, where they urged: “We have paused all of [our] vaults to prevent any future funds from being placed at risk. Please withdraw all of your funds immediately.”

The protocol claimed that an “advanced attack” had seen the hackers exploit “five reentrancy loops,” a move that enabled the attackers to create five fake deposits in one of its vaults while the protocol was processing an initial deposit on a “malicious token contract.”

Grim Finance wrote that as the “exploit was found in the vault contract,” “all of” its “vaults and deposited funds are currently at risk.”
But the attackers could still be traced, the protocol indicated, adding that the “[attackers’] address has been identified” – and that the hack had originated externally. Grim Finance wrote that it had contacted Circle, the mastermind of the USD Coin, as well as “DAI and AnySwap” “regarding the [attacker’s] address” in a bid to “potentially freeze any further fund transfers.”

Grim Finance is a self-styled “compounding yield optimizer,” and makes use of sophisticated vault strategies to offer its users high liquidity yields.

The news will come as a major blow for DeFi advocates, who are already reeling from a crippling attack on the BadgerDAO protocol. Earlier this month, that protocol was the subject of a $120 million hack that forced decision-makers to pause smart contracts on the platform.

One prominent Twitter-based observer called the BadgerDAO raid a “nasty front-end attack.”

Over the weekend, BadgerDAO announced, also on Twitter, that “all recoverable assets” had been “returned to the wallets from which they were taken, although it admitted that “this represents close to 40% of all affected users.” In a post, it claimed it was now time to “turn the lights back on” at Badger.

The hackers reportedly attacked the BadgerDAO protocol on the Ethereum blockchain network on one of its contract addresses.

About the Author

Tim Alperauthor

Tim Alper is an IT writer with over a decade and a half of top-level journalism experience. He has written about tech, including crypto and blockchain, as well as other subjects for leading media outlets including the BBC, the Guardian, the Times of Israel, Chosun Ilbo, Maeil Kyungjae, Kyunghyang Shinmun, the Korea Times and the Jewish Chronicle. He has also worked with major bands in the IT space, including Microsoft, Samsung and Accenture.

Advertisement