According to a tweet from the project, the exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk.
Grim calls itself a compounding yield optimiser, meaning it promises to wring extra value from liquidity provider tokens that users receive from decentralised exchanges if they lock them up in a Grim vault.
The protocol is built atop the Fantom Opera blockchain, a smart contract-enabled platform that is built using the Solidity language and is compatible with Ethereum. The hacker used a reentrancy attack, which is an exploit that allows someone to fake additional deposits into a vault while an initial transaction is still going, thereby tricking the protocol.
While the company has contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers, the attacker has already managed to launder some of the ill-gotten funds through stablecoin transfers.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.