According to a tweet from the project, the exploit was found in the vault contract, so all of the vaults and deposited funds are currently at risk.
Grim calls itself a compounding yield optimiser, meaning it promises to wring extra value from liquidity provider tokens that users receive from decentralised exchanges if they lock them up in a Grim vault.
The protocol is built atop the Fantom Opera blockchain, a smart contract-enabled platform that is built using the Solidity language and is compatible with Ethereum. The hacker used a reentrancy attack, which is an exploit that allows someone to fake additional deposits into a vault while an initial transaction is still going, thereby tricking the protocol.
While the company has contacted and notified Circle (USDC), DAI, and AnySwap regarding the attacker address to potentially freeze any further fund transfers, the attacker has already managed to launder some of the ill-gotten funds through stablecoin transfers.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now