$30 mln stolen from DeFi platform Grim Finance

minenovo

Active member
More than 30 million US dollars have apparently been stolen from the decentralized finance (DeFi) protocol Grim Finance. The theft was a result of hackers exploiting a vulnerability in the platform.

The company announced an “advanced hack” on Twitter, where hackers exploited the platform’s vault contract protocol through five reentrancy loops. That apparently allowed them to fake five more deposits into the vault while the DeFi platform was still processing the first deposit.

The company advised all its users to withdraw their money immediately. “We have paused all of the vaults to prevent any future funds from being placed at risk, please withdraw all of your funds immediately,” they announced.
Source
It's very disturbing how frequent such hacks have become, I think.
 

goodmoneygoodlife

New member
Well if there's money to be made then there'll be hacks.
I think it's the developers' responsibility to stress-test and attack their own contracts with various common attack vectors.

Re-entrancy attacks seem quite easy to prevent. And I feel like a lot of this is just growing pains -- eventually we'll converge on a standard of security for all contracts so that it'll be much harder to exploit.

Though re-entrancy checks seem quite simple and the number '5' seems quite hardcoded, it makes me wonder if this hack is an inside job. Like for example I can just write a contract that won't allow for a single re-entry but would allow for 5 re-entries. You'd need to be quite specific to try to do 5.
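
A simplified Python model of the failure described in the first post (extra deposits credited while the first is still being processed) and of the re-entrancy lock that stops it. This is an added example, not part of the thread and not Grim Finance's contract code; the class names, the balance-difference bookkeeping and the amounts are assumptions made for illustration.

```python
class ReentrancyError(Exception):
    """deposit() was entered again before the first call finished."""

class Vault:
    def __init__(self, guarded):
        self.guarded = guarded
        self._entered = False   # the lock a non-reentrant modifier keeps
        self.held = 0           # tokens the vault really holds
        self.credited = {}      # deposit credit per account

    def deposit(self, token, account, amount):
        if self.guarded:
            if self._entered:
                raise ReentrancyError("deposit() re-entered")
            self._entered = True
        try:
            before = self.held
            token.transfer_from(account, self, amount)  # external call
            received = self.held - before               # bookkeeping after the call
            self.credited[account] = self.credited.get(account, 0) + received
        finally:
            self._entered = False

class CallbackToken:
    """Constructed test fixture: calls back into the vault `reentries`
    times before the single real transfer takes place."""
    def __init__(self, reentries):
        self.remaining = reentries

    def transfer_from(self, account, vault, amount):
        if self.remaining > 0:
            self.remaining -= 1
            vault.deposit(self, account, amount)  # nested call, no tokens moved
        else:
            vault.held += amount                  # the one real transfer

def simulate(guarded, reentries=5, amount=100):
    vault = Vault(guarded)
    try:
        vault.deposit(CallbackToken(reentries), "acct", amount)
        reverted = False
    except ReentrancyError:
        reverted = True  # on-chain, the whole transaction would revert
    return {"held": vault.held,
            "credited": vault.credited.get("acct", 0),
            "reverted": reverted}
```

Without the lock, every nested call sees the same single transfer and credits it again, so credit exceeds what the vault holds; with the lock, the first nested call fails and nothing is credited.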
 

minenovo

Active member
Unfortunately, you're correct. It's a very depressing state of things though.
 