Reading time: ~ 2 m
Another DeFi protocol has fallen victim to a hack. According to security expert Vahe Karapetyan, the estimated loss of GrimFinance is $ 40 million, and the criminals used the same vulnerability as in flash loans.
First, the hacker took out a flash loan for two tokens and added liquidity to SpiritSwap, which allowed him to issue rewards in SPIRIT and make a deposit request.
A sequence of different commands then allowed the hacker to gain control of a large number of borrowed tokens. Using the Spirit LP token, the hacker was able to make a second deposit, which allowed him to receive a large number of additional tokens.
Grim Finance was hacked 2 hours ago. Estimated loss: $ 40 million
Grim Finance(https://t.co/i6qxb1ObEy) got hacked 2 hours ago
Estimated loss: $40mln
One of the attacking transactions: https://t.co/BBWUq72CBN
Attack Analysis:#FTM #ETH #BSC #GrimFinance #GrimExploit
– Vahe Karapetyan (3 k3mmio) December 18, 2021
It is currently known that more than 40 transactions have been made since the hack. The estimated loss is calculated by adding up all transactions in different cryptocurrencies, including bitcoins and wrapped Fantom tokens.
The stolen funds have not yet been transferred to any exchange or address. Since most of the funds remain at one address, and if desired, centralized exchanges can restrict the actions of a hacker, as was the case with Poly.Network.
Grim.Finance just joined a long line of hacks. Earlier, cybercriminals hacked the Vee.Finance contract, stealing $ 35 million in various cryptocurrencies.
#DeFiprotocol #GrimFinance #lost #million #due #hacking