
Grim Finance latest DeFi exploit after $30m hack

It has been a grim weekend for the Grim Finance protocol, which has reported that it was exploited to the tune of $30 million.

Reporter
Tue, 21 Dec 2021

On 19 December, the Grim Finance team stated that the platform had been exploited by an “external attacker” who made off with $30 million worth of crypto assets.

In a tweet, the decentralised finance project explained that it was an advanced attack in which the hacker exploited the protocol’s vault contract, adding that the vaults had been paused and recommending that users withdraw their funds.

“We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds immediately,” the Grim Finance team tweeted.


Grim Finance describes itself as a “compounding yield optimiser” which employs complex vault strategies to offer boosted yields from liquidity provider tokens.

Smart contract exploited

About an hour before the malicious smart contract was exploited, the attacker pre-funded Grim Finance’s Ethereum and Binance Smart Chain wallets using Tornado Cash. The stolen crypto was bridged from the Fantom network on which Grim is based to Ethereum before being converted into USDC and DAI.

Grim Finance went on to explain that the exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk. The hacker tricked the protocol with a reentrancy attack, which creates fake additional deposits into a vault while an initial transaction is still ongoing.
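To show why a deposit that is re-entered mid-transaction records credit the vault never received, and how a reentrancy guard plus a solvency invariant catch it, here is an added example that is not code from Grim Finance or from the original article. It is a simplified Python model; the `Vault` class, the balance-before/after accounting, the user names and the amounts are all assumptions constructed for illustration.

```python
class ReentrancyError(Exception):
    """Raised when deposit() is entered again before the first call finishes."""

class Vault:
    # Simplified model, constructed for illustration; not Grim Finance's contract.
    def __init__(self, guarded):
        self.guarded = guarded
        self._entered = False
        self.balance = 0     # tokens the vault actually holds
        self.credited = {}   # deposit credit recorded per user

    def deposit(self, user, transfer):
        # Guard: refuse a second entry while a deposit is still in progress.
        if self.guarded and self._entered:
            raise ReentrancyError("deposit re-entered")
        self._entered = True
        try:
            before = self.balance
            transfer(self)   # external call: code the vault does not control
            received = self.balance - before
            self.credited[user] = self.credited.get(user, 0) + received
        finally:
            self._entered = False

def honest_transfer(amount):
    def transfer(vault):
        vault.balance += amount
    return transfer

def reentrant_transfer(user, amount):
    # Constructed callback: calls deposit() again while the outer call waits.
    def transfer(vault):
        vault.deposit(user, honest_transfer(amount))
    return transfer

def solvent(vault):
    # Invariant to monitor: recorded credit must never exceed assets held.
    return sum(vault.credited.values()) <= vault.balance

def run(guarded):
    vault = Vault(guarded)
    vault.deposit("alice", honest_transfer(100))
    try:
        vault.deposit("mallory", reentrant_transfer("mallory", 50))
        blocked = False
    except ReentrancyError:
        blocked = True
    return blocked, vault.credited.get("mallory", 0), vault.balance, solvent(vault)
```

Without the guard the model records 100 units of credit against 50 units received, so the invariant fails; with the guard the nested call is rejected and recorded credit stays within the assets held.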

“We have contacted and notified Circle (USDC), DAI and AnySwap regarding the attacker address to potentially freeze any further fund transfers,” the Grim Finance team said.

The Grim Finance team also announced that the company had reopened the “Tshare Masonry Vault” so that users could withdraw before it is permanently closed.

The protocol’s native GRIM token dumped 80 per cent at the time of the hack in a fall from $0.794 to $0.151, according to CoinGecko.

It has since recovered marginally to trade at $0.206 at the time of writing. GRIM is down 89 per cent from its 20 October all-time high of $1.84.

Grim Finance isn’t alone

DeFiYield’s “Rekt Database” has reported that $2.5 billion has been lost to crypto and DeFi hacks, scams and exploits over the past five years.

On 14 December, Brinc Finance was exploited with $1.1 million lost, and a day earlier, the Vulcan Forged NFT game studio lost nearly $100 million in the second-largest attack after Poly Network.
