The Intelligent Insurer #46 — DeFi platform exploited in “Advanced Attack”
On December 19th, 2021, the decentralized finance (DeFi) protocol Grim Finance was exploited by hackers for $30 million. This incident happened barely six days after the breach on Vulcan Forged NFT marketplace where a hacker stole over $100 million. These developments join a growing list of attacks on DeFi platforms.
In the latest Intelligent Insurer, we examine the details of this attack on Grim Finance and its impact on the project and the users. We also consider alternative protection solutions that investors could use.
Grim Finance hacked for $30 million
In an announcement made by the Grim Finance team on Twitter, news emerged that over $30 million was stolen in Fantom (FTM) tokens from the DeFi platform. The attack, described as an “advanced attack”, was found in the vault contract putting all vaults and deposited funds at risk.
According to the team’s description, the attacker used the function titled beforeDeposit() from Grim Finance’s vault strategy to enter a malicious token contract. This act enabled the hacker to start five reentrancy loops using the malicious token contract from safeTransferFrom().
The malicious token contract code allowed the hacker to execute multiple undetected transactions and reset the current balance. The platform’s checks would refer to this manipulated balance and mint more shares, thus creating an infinite minting loop, allowing the hacker to siphon funds away from the protocol.
This hacker’s activities were undetected for six hours. By this time, all the stolen funds had been transferred to the hacker’s wallet, leaving Grim Finance and its community with only the option of securing what was left to avoid further exploitation.
Having acknowledged the situation, Grim Finance contacted and notified Circle (USDC), DAI, and AnySwap, seeking support in managing the situation by potentially freezing any further transactions involving the hacker’s wallet address. Other projects like Beefy, Tomb, SpiritSwap, and FTM Alerts also offered their support, especially in providing updates to the DeFi community regarding the situation.
Considering the complications of the incident, Grim Finance paused all of its vaults and advised users to withdraw all their funds immediately. Clients followed this advice and pulled out their funds from the DeFi platform. The result of this was a crash in the Total Value Locked (TVL) on Grim Finance from $98.9 million to $3.4 million in less than 72 hours.
Users need better digital asset protection
Situations like this are on the rise and have become a worry for many investors in the DeFi and cryptocurrency industry. Unlike the case of Vulcan Forged, where victims were refunded from the project’s treasury, there has been no mention of reimbursement in the case of Grim Finance. Worried users were asking if there was any form of insurance or any way of getting reimbursed for their losses.
While it is rare for crypto users to find blanket insurance under projects where they are invested, decentralized insurance solutions like Insured Finance can provide full security for assets against hacks and other risks associated with DeFi and cryptocurrencies. Any Grim Finance user with a running Insured Finance policy would have been eligible for reimbursement.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Users can request customized insurance on a wide variety of digital assets, thereby ensuring full protection. Those fulfilling requests can earn premiums and earn a competitive return on their capital. Claims are fully collateralized and settled instantly.