On Sunday, $30M worth of Fantom tokens was stolen from Yield compounding tool Grim Finance. Preventive measures were taken to stop further damage.
The project developers informed that an external attacker was able to steal 30 million dollars from the grim finance platform. The exploits were identified to be in vault contract, thus putting all vaults and deposited funds at risk.
The exploit used by the attackers to steal the funds was “reentrancy”. This exploit is very common on Solidity, code-behind blockchains of Fantom and Ethereum. The attackers commence their attack by interacting with the network and calling an untrusted contract, this will allow the attackers to gain control over assets stored in the contact that was compromised, which, in this case, was Grim Finance’s yield-computing vault.
From the $30 M stolen by the attackers, most was routed to various decentralized exchanges like SpookySwap and AnySwap. On these exchanges, the attackers exchanged the Fantom token for other tokens such as dollar-pegged Stablecoin, USD coins.
To prevent any further losses all the vaults were paused by the developers, further, they have also asked Anyswap, USD coin issuer Circle, and Maker to freeze all assets that are associated with this exploit.
Disclaimer: The article is just to provide information and shouldn’t be considered as any financial advice. It is advisable to conduct thorough research before investing in any cryptocurrency.
Photo by – AKCreatif on Pixabay