Fantom Project Hit By $30 Million Hack
Grim Finance has been hacked
This weekend, an unknown attacker stole $30 million from the project’s yield vaults.
The Grim Finance team announced the attack in a Sunday tweet, revealing the total losses and that it had identified the hacker’s address.
Grim Finance is a DeFi project built on Fantom. It functions similarly to the popular Ethereum protocol Yearn.Finance, letting users deposit crypto assets like FTM to “vaults.” The project’s vaults use complex multi-step strategies across DeFi to generate lucrative yields for users.
The team described the incident as an “advanced attack” in which a hacker exploited a reentrancy bug to steal funds deposited in its vaults. The hacker used the bug to drain over $30 million worth of FTM. Their transaction history shows a paper trail of interactions with Fantom-based decentralized exchanges like SpookySwap, where they exchanged their stolen tokens for stablecoins.
The has seen millions of dollars worth of losses due to other similar reentrancy bugs over the last year. In August, an attacker exploited a reentrancy bug in Cream Finance’s smart contracts to steal $17.6 million. They later returned the majority of the funds.
Following the hack, the Grim Finance team announced that it had paused its vaults and notified Circle, Maker, and AnySwap to “potentially freeze” further transfers. The total value locked in the protocol, meanwhile, has tumbled from $98.9 million to $4.2 million following the incident, per data provided by DeFiLlama. The GRIM token is also down about 70% following the attack, trading at $0.23 at press time.