Hacked Grim Finance’s Auditors Blame New Analyst For Missing the Issue

Ruholamin Haqshanas

Auditors of the decentralized finance (DeFi) platform Grim Finance, which was exploited for USD 30m worth of digital assets on Sunday, claim that a new analyst had conducted the protocol’s audit while their Chief Technology Officer (CTO) was on vacation.

On December 19, Grim Finance informed users that the project was exploited by an external hacker. “The attacker attacked using the function titled beforeDeposit() from our vault strategy entering a malicious token contract,” the team detailed.

Approximately four months ago, Grim Finance was audited by Solidity Finance, a smart contract auditing service. The service said that the issue slipped through their auditing process as they were overwhelmed by the number of projects and busy onboarding new analysts.

“When conducting the Grim Finance audit ~4 months ago, our firm was experiencing rapid growth and hiring. This audit was performed by an analyst who was new to the team & while our CTO was on vacation; and unfortunately this issue was not caught in our peer review process,” Solidity Finance said.

According to Rugdoc.io, a DeFi watchdog, the Grim Finance hacker used a reentrancy attack, faking additional deposits into a vault while an initial transaction was still in progress. This way, they managed to withdraw more funds than they had actually deposited into the vault.

Rugdoc.io also criticized Grim Finance over its weak security measures, suggesting that the project should have used a reentrancy guard, which can prevent more than one function from being executed at a time by locking the contract.
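The mechanism Rugdoc.io describes can be seen in a small Python model, added here as an illustration; it is not Grim Finance's contract code, and it models the logic in Python rather than Solidity. The class names, the balance-delta share accounting and the amounts are assumptions made for the example.

```python
# Toy model (constructed): a vault credits shares from the balance change
# it observes around an external token call. Not Grim Finance's code.
class ReentrancyError(Exception):
    """deposit() was entered while another deposit was still running."""

class Vault:
    def __init__(self, guarded):
        self.guarded = guarded   # True = reentrancy guard enabled
        self.locked = False      # the guard's lock flag
        self.balance = 0         # underlying tokens actually held
        self.shares = {}         # user -> amount credited

    def deposit(self, user, token, amount):
        if self.guarded:
            if self.locked:
                raise ReentrancyError("deposit re-entered")
            self.locked = True
        try:
            before = self.balance
            token.transfer_from(user, self, amount)  # external call to caller-chosen token
            credited = self.balance - before         # trusts the observed delta
            self.shares[user] = self.shares.get(user, 0) + credited
        finally:
            if self.guarded:
                self.locked = False

class HonestToken:
    def transfer_from(self, user, vault, amount):
        vault.balance += amount

class CallbackToken:
    """Moves no value itself; calls back into the vault mid-transfer."""
    def __init__(self, real_token, depth):
        self.real_token, self.depth = real_token, depth

    def transfer_from(self, user, vault, amount):
        if self.depth > 0:
            self.depth -= 1
            vault.deposit(user, self, amount)             # nested deposit
        else:
            vault.deposit(user, self.real_token, amount)  # the one real deposit

def run(guarded, depth=3):
    """Return (tokens held, shares credited, outcome) for one outer deposit of 100."""
    vault = Vault(guarded)
    try:
        vault.deposit("user", CallbackToken(HonestToken(), depth), 100)
    except ReentrancyError:  # on-chain, the whole transaction would revert
        return vault.balance, vault.shares.get("user", 0), "reverted"
    return vault.balance, vault.shares.get("user", 0), "completed"
```

Without the guard, every nested call still in progress sees the same 100-token balance change and credits it again; with the lock held, the first nested call fails before any state changes.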

“Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand,” Rugdoc.io tweeted. “If you haven’t acquired this yet, don’t build multi-million dollar projects. Don’t get audits from companies which everyone knows are useless.”

Following the hack, the Grim Finance team said that the vaults have been paused “to prevent any future funds from being placed at risk” and recommended users withdraw their funds as all of the vaults and deposited funds are at risk.

“We have contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers,” the team said.

Meanwhile, the project’s native token GRIM plunged by 81.2% in the early hours of the hack, falling from nearly USD 0.8 to USD 0.15, according to CoinGecko. At 10:07 UTC, the coin is up 3.3% over the past 24 hours, and down 55% over the past week, trading at USD 0.25.
