Fantom DeFi Project Exploited for $30M

Yield optimizer Grim Finance had $30 million worth of Fantom tokens stolen from its protocol after being hacked on Sunday.

Yield optimizer Grim Finance had $30 million worth of Fantom tokens stolen from its protocol after a hack on Sunday. The project has taken precautions to prevent further damage.

Grim Finance Hacked

The project’s developers tweeted on Sunday morning, informing the market that the platform had been hacked by an external attacker six hours earlier.

In a separate tweet, they said that the theft was worth more than $30 million and pointed to the attacker’s address.

They also announced that the exploit was in the vault contract, putting all vaults and deposited funds at risk.

Built on the Fantom Opera network, Grim Finance lets users deposit liquidity pool tokens in what it calls Grim Vaults, which automatically harvest returns and reinvest rewards using strategies for higher returns.

The ease of staking and harvesting helped Grim Finance attract more than $100 million in user funds to the protocol, according to the total value locked (TVL) metric on the analytics tool DeFiLlama. Those funds were safe until yesterday.

How Does the Project Work?

The attackers used a “reentrancy” exploit to steal funds from Grim Finance. Such exploits are common in Solidity, the language used for Ethereum and Fantom smart contract code. In a reentrancy attack, the attacker manipulates data by invoking untrusted contracts that can interact with the network and take control of assets stored in the contracts being used. This time it was Grim Finance’s yield vault.

According to Fantom blockchain researchers, the attackers stole approximately $30 million worth of Fantom tokens. The data shows that these tokens have already been transferred to other Fantom-based decentralized exchanges (DEXs) like AnySwap and SpookySwap. The stolen tokens are being exchanged for tokens such as USD Coin and other dollar-pegged stablecoins.

On Sunday, the developers suspended all vaults to prevent further damage. They also notified Circle (USDC), AnySwap, and Maker that all assets associated with the exploit had been frozen.

The hack caused a massive flight of locked value from Grim Finance: its TVL fell 84% in the last 24 hours, and $4.3 million remains in Grim Finance vaults.

Fantom Known Bug

Grim Finance is known as a yield optimizer built on the Ethereum-compatible Fantom Opera blockchain. The project allows users to lock cryptocurrency tokens obtained by investing in other DeFi lending or borrowing projects and decentralized exchanges (DEXs) in vaults, which lets them earn more interest on the funds they receive.

As the hackers celebrate their illegally earned profits, the lost Fantom (FTM) has been transferred to a different DEX and is being exchanged for other cryptocurrencies.

The first person to comment on @GrimFinance’s Twitter thread announcing the loss challenged the developers’ claim that the theft was an advanced attack, arguing that reentrancy bugs are a well-known type of exploit that an audit detects.

Rugdoc.io, a DeFi security project, shared this view. In a simple and direct account of the event, it said the hack happened because the project failed to enable reentrancy protection in one place in its smart contracts where it was absolutely necessary. It also said that the project gives users too much control over the process.

According to Solidity Finance’s audit of Grim, this type of exploit was known: the audit claimed that the project used “ReentrancyGuard” in an appropriate place to prevent reentrancy attacks.
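Why reentrancy protection missing “in one place” is enough can be seen in a small model, added here as an illustration: it is not Grim Finance’s contract code and does not reproduce the actual exploit path, which the article does not detail. The `Vault` class, its function names, the account names and the amounts are all constructed, and Python stands in for Solidity so the model runs offline.

```python
class Reverted(Exception): pass  # a failed call; the transaction making it rolls back

class Vault:
    """Constructed toy vault; `guarded` lists entry points that take the shared lock."""
    def __init__(self, guarded):
        self.guarded, self.locked = set(guarded), False
        self.balances, self.pool = {}, 0

    def _call(self, name, body):
        # Plays the role of a nonReentrant modifier, applied per entry point.
        use_lock = name in self.guarded
        if use_lock and self.locked:
            raise Reverted(f"reentrant call into {name}")
        self.locked = self.locked or use_lock
        try:
            return body()
        finally:
            if use_lock:
                self.locked = False

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def transfer(self, src, dst):  # caller authentication omitted in this model
        def body():
            self.balances[dst] = self.balances.get(dst, 0) + self.balances.get(src, 0)
            self.balances[src] = 0
        return self._call("transfer", body)

    def withdraw(self, who, on_receive):
        def body():
            amount = self.balances.get(who, 0)
            self.pool -= amount
            on_receive(self)        # external call to untrusted code before the state update
            self.balances[who] = 0
            return amount
        return self._call("withdraw", body)

def run(guarded):
    """One transaction in which the receiver calls transfer() from inside withdraw()."""
    vault = Vault(guarded)
    vault.deposit("honest", 100)
    vault.deposit("untrusted", 10)
    saved = (dict(vault.balances), vault.pool)
    try:
        paid = vault.withdraw("untrusted", lambda v: v.transfer("untrusted", "second"))
    except Reverted:
        paid = 0
        vault.balances, vault.pool = saved   # EVM-style rollback of the whole transaction
    return paid, vault.pool, sum(vault.balances.values())  # (paid out, assets, claims)
```

With only `withdraw` guarded, the vault ends with 100 in assets against 110 in recorded claims; with both entry points sharing the lock, the nested call reverts and the balances are unchanged.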

Solidity tweeted about the error, stating that it happened as the Grim Finance auction grew rapidly in the fall. The note said that a new analyst performed the audit while “our CTO was on vacation.”

The issue was not caught in the peer-review process. The issue, of a kind they regularly recommend fixing, dates to August and slipped through their process while they were recruiting new analysts.

Solidity audited more than 900 projects and said this was the second missed exploit.

Since then, they have further expanded their team, strengthened their internal skills and improved their peer review process, it added.

Tanya Smith is an editor at iBaseTrading. With M.A. in Journalism and Mass Communication, she is pursuing her dream of creating a positive difference in the media industry. She also enjoys Fashion and Travelling.