Fantom DeFi Project Grim Finance Exploited for $30M

Yield compounding tool Grim Finance had $30 million worth of fantom tokens stolen from its protocol after an exploit on Sunday. The project took preventive measures to stop further damage.

“We inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here,” the project’s developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk,” they said in a separate tweet.

Built on the Fantom Opera network, Grim Finance allows users to stake their liquidity pool tokens in what it calls Grim Vaults, automatically harvesting yields and re-staking rewards using strategies for even higher yields.

Liquidity pool tokens are provided to decentralized exchange users who supply their own liquidity in return for a token reward from the platform. Such exchanges are a subset of the decentralized finance (DeFi) market, which relies on smart contracts instead of middlemen for financial services such as lending, trading, and borrowing.

The ease of staking and harvesting increased yields on Grim Finance attracted over $100 million in user funds to the protocol, according to total value locked (TVL) metrics on analytics tool DeFi Llama. They remained safe until yesterday.

Attackers used a “reentrancy” exploit to steal funds from Grim Finance. Such an exploit is common on Solidityhttps://consensys.github.io/smart-contract-best-practices/known_attacks/, the code behind the Ethereum and Fantom blockchains. It sees attackers manipulate data by interacting with the network and calling an untrusted contract, allowing them to gain control of the assets stored on whichever contact they exploited. This time, it was Grim Finance’s yield-compounding vaults.

The attackers took nearly $30 million in fantom tokens, data from Fantom blockchain explorers show. Much of that seems to have already been routed to other Fantom-based decentralized exchanges (DEX) such as AnySwap and SpookySwap, where the stolen tokens were exchanged for other tokens, such as USD coin, a dollar-pegged stablecoin, in one such instance.

Developers paused all vaults on Sunday to prevent further damages. They further informed USDC issuer Circle, AnySwap and Maker to freeze any assets related to the exploit.

The hack caused an exodus of total value locked on Grim Finance. Just $4.3 million remains in Grim Finance vaults, and TVL fell 84% in the past 24 hours.