DeFi Protocol Grim Finance Loses $30 Million in Avoidable Hack

0
44

Security incidents are still all too common in the world of decentralized finance. For example, DeFi protocol Grim Finance has lost $30 million in funds due to a security weakness in the deposit contract. An attacker leveraged the exploit five times to maximize their impact, further highlighting the risky nature of this industry. 

Grim Finance Gets Exploited

It is not too uncommon to see DeFi protocols face security incidents. While such incidents are totally unacceptable, they keep happening time and time again. Without proper code audits and vetting, security will remain a pressing problem in decentralized finance. Moreover, every incident trips away any legitimacy this industry may have in the eyes of mainstream users. Something needs to change before things spiral out of control further.

One of the newer DeFi platforms, Grim Finance, experienced a reentry attack. More specifically, a culprit leveraged an exploit to affect platform deposits to their advantage. The hacker stole over $30 million in crypto assets through this approach. A preliminary report indicates that Grim Finance’s vault contract contained the loophole, which should have been audited and appropriately vetted before it was unveiled to the public. 

While the culprit made their initial deposit, the reentry attack allowed them to trick the system into thinking they made another five deposits. However, funds were only transferred once, as the other five deposits are entirely fake. An attack of this magnitude is often problematic for a compounding yield optimizer. Moreover, it brings negative attention to the Fantom ecosystem, a blockchain that has gained strong DeFi momentum over the past few weeks. 

The Grim Finance team paused all vaults to keep user funds safe after the attack. Moreover, users are advised to move their money off the platform entirely for the time being. It is unclear if and when the team will resume the services, although the analysis of this attack is not yet complete. Moreover, the team will try to freeze further funds transfers involving the stolen assets.

Will There Be A Recourse?

When exploits occur in the DeFi world, there are many unanswered questions. The first that comes to mind is whether or not Grim Finance will compensate affected users. A theft of $30 million is problematic, and it remains unclear if the attacker will eventually send the stolen funds back. Moreover, it raises the question of who is responsible for this attack: the Grim Finance team for not taking proper precautions or another entity for this incident. 

Not taking the necessary precautions is all too common in DeFi. No reentrancy guard and giving users more privileges than necessary creates a potent cocktail waiting to explore. Unfortunately, that will not help the affected users in the slightest. Getting back one’s stolen money may prove tricky for affected users. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here