Another DeFi protocol fell victim to the hack. According to security expert Vahe Karapetuan, GrimFinance is estimated to lose $ 40 million and criminals have used the same vulnerability as flash loans.
Another DeFi protocol hack – GrimFinance
First, the hacker took a two-token flash loan and added liquidity to SpiritSwap, which allowed him to pay a reward in SPIRIT and apply for a deposit.
A series of various commands then allowed the hacker to gain control of a large number of borrowed tokens. Using the Spirit LP token, the hacker was able to make a second deposit, which allowed him to obtain a large number of additional tokens.
“Grim Finance was attacked 2 hours ago. Estimated loss: $ 40 million
Grim Finance(https://t.co/i6qxb1ObEy) got hacked 2 hours ago
— kemmio (@k3mmio) December 18, 2021
Estimated loss: $40mln
One of the attacking transactions: https://t.co/BBWUq72CBN
Attack Analysis:#FTM #ETH #BSC #GrimFinance #GrimExploit
1/4
It is now known that more than 40 transactions were made during the hacking. The estimated loss is calculated by summing all transactions in various crumbs, including BTC and Wrapped Phantom tokens.
The stolen funds have not yet been transferred to any exchange or address. Because most resources remain at one address, and if desired, the centralized exchange can limit the actions of the hacker, as was the case with Poly.Network, which, of course, is no problem, although the maximalists will tell you otherwise.
Grim.Finance has just joined a long line of hacks. A few days ago, the Cybercriminals hacked the Vee.Finance protocol and stole 35 million dollars in various crunches.
DragonMaster, Gods Unchained and ZionVerse – new features