Hackers use “re-entry exploit”.
Scammers stole $30 million in cryptocurrency from decentralized project Grim Finance. The platform developer announced this on Twitter.
Hackers break into wallets using malicious contracts and “re-entry exploits”. According to Grim Finance, the attacker launched five re-authorization cycles. When the platform processed the first request, the hacker faked five additional wallet deposits.
The attacker transferred approximately $30 million of Fantom tokens (FTM) to a third-party account. According to the CoinDesk portal, most of the funds are diverted to other decentralized exchanges on the Fantom blockchain – AnySwap and SpookySwap. Subsequently, the scammers exchanged the stolen tokens for USDC stablecoins, the portal reports.
The project developer froze all wallets to prevent further losses. They also shared addresses of scammers with major cryptocurrency companies Circle, DAI and AnySwap to stop further transactions from hackers’ wallets. At the time of publication, the wallet was marked as Grim Finance Exploiter 1, and the FTMScan portal warned of its involvement in the hacking of the project. The wallet balance is $2.86 million.
All users’ wallets and deposits are at risk, the Grim Finance team said on Twitter. Users of the social network report their losses in the comments to posts about the hack.
Grim Finance’s DeFi platform helps users make money with their own cryptocurrency. After the attack, the GRIM project’s native token fell by more than 80%, and the volume of blocked funds decreased from $98.9 million before the attack to $4.2 million after the exploit.
The price of the FTM token fell 5.5% on the news, according to Coinmarketcap.
As a reminder, last week hackers hacked the Vulcan Forged NFT project. The scammer managed to withdraw 4.5 million PYR tokens worth around $140 million from the market. Hacking became the fourth largest in Rekt hacker attack ranking. The attack on Grim Finance would be 18th on this list.
Read also: what orthodox crypto investors disapprove of.