Withdraw All Your Funds Now, Grime Finance Tells Users After $30m Hack

The platform’s operators posted on Twitter, where they urged: “We have paused all of [our] vaults to prevent any future funds from being placed at risk. Please withdraw all of your funds immediately.”

The protocol claimed that an “advanced attack” had seen the hackers exploit “five reentrancy loops,” a move that enabled the attackers to create five fake deposits in one of its vaults while the protocol was processing an initial deposit on a “malicious token contract.”

Grim Finance wrote that as the “exploit was found in the vault contract,” “all of” its “vaults and deposited funds are currently at risk.”
But the attackers could still be traced, the protocol indicated, adding that the “[attackers’] address has been identified” – and that the hack had originated externally. Grim Finance wrote that it had contacted Circle, the mastermind of the USD Coin, as well as “DAI and AnySwap” “regarding the [attacker’s] address” in a bid to “potentially freeze any further fund transfers.”

Hello Grim Community,

It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb

— Grim Finance (@financegrim) December 19, 2021

Grim Finance is a self-styled “compounding yield optimizer,” and makes use of sophisticated vault strategies to offer its users high liquidity yields.

The news will come as a major blow for DeFi advocates, who are already reeling from a crippling attack on the BadgerDAO protocol. Earlier this month, that protocol was the subject of a $120 million hack that forced decision-makers to pause smart contracts on the platform.

One prominent Twitter-based observer called the BadgerDAO raid a “nasty front-end attack.”

Over the weekend, BadgerDAO announced, also on Twitter, that “all recoverable assets” had been “returned to the wallets from which they were taken, although it admitted that “this represents close to 40% of all affected users.” In a post, it claimed it was now time to “turn the lights back on” at Badger.

The hackers reportedly attacked the BadgerDAO protocol on the Ethereum blockchain network on one of its contract addresses.