
Cyber Incident Victim: Grim Finance

Date: Dec 2021

Location: Hungary

Summary

Hackers stole approximately $30 million from Grim Finance by exploiting a reentrancy vulnerability in the platform's vault contract, which allowed attackers to withdraw more funds than deposited due to inadequate safeguards in the depositFor function. The platform paused all vaults to mitigate further losses and attempted to coordinate asset freezes with stablecoin issuers. A prior audit conducted by Solidity Finance had missed the critical flaw, attributed to an oversight by a new analyst during onboarding while senior staff were unavailable, marking the firm's second such failure across hundreds of audits. This breach reflects broader security challenges within decentralized finance protocols.


Description

On December 18, 2021, Grim Finance, a decentralized finance (DeFi) protocol, suffered a security breach resulting in the theft of approximately $30 million. The attackers exploited a vulnerability within Grim Finance’s vault contract, which managed user deposits across its platform. Grim Finance detected the ongoing attack on December 18 and publicly announced the incident via Twitter, warning users of an "advanced attack" targeting their vaults. The protocol immediately paused all vault operations to prevent further exploitation, though the attackers had already compromised funds across multiple vaults. Grim Finance contacted stablecoin issuers Circle (USDC) and DAI, as well as cross-chain bridge provider AnySwap, to request potential freezing of stolen assets. The vulnerability stemmed from a flaw in the depositFor function, which allowed users to input arbitrary addresses. This design oversight enabled reentrancy attacks, a technique in which a malicious contract calls back into the vulnerable function before the earlier call has finished updating the vault's state, so that more assets can be withdrawn than were deposited.


Solidity Finance, the firm that audited Grim Finance’s code four months prior to the attack, acknowledged responsibility for missing the vulnerability. The audit occurred in August 2021, during which a newly hired analyst overlooked the reentrancy risk due to insufficient oversight. Solidity Finance’s chief technology officer was on vacation at the time, and the team cited onboarding pressures as a contributing factor. The firm emphasized this was only its second missed vulnerability across the 900 audits it had conducted to date. Blockchain security experts, including RugDoc.io, later confirmed the absence of reentrancy guards in Grim Finance’s code, which would have prevented the attack. The incident contributed to a broader trend of DeFi exploits in 2021, alongside high-profile breaches affecting AscendEX, Vulcan Forged, BitMart, and Poly Network. Grim Finance did not disclose whether any stolen funds were recovered following outreach to asset issuers.
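The two defenses named above, a reentrancy guard and not letting callers choose which contract the vault interacts with, are shown together in the following hypothetical vault. This is an added illustration written for this page; it is not Grim Finance's code (which the page does not reproduce), and the contract name GuardedVault, the token interface and the share arithmetic are assumptions chosen to keep the example self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface this example needs (assumed interface, not from the page).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical single-asset vault. The deposit token is fixed at construction
// time, so a depositor cannot substitute an arbitrary contract whose transfer
// hook calls back into the vault while a deposit is being measured.
contract GuardedVault {
    IERC20 public immutable want;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    // Hand-rolled reentrancy guard (same idea as OpenZeppelin's ReentrancyGuard):
    // a second call into any guarded function during an in-flight call reverts.
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    modifier nonReentrant() {
        require(status == NOT_ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    constructor(IERC20 token) {
        want = token;
    }

    // Tokens currently held by the vault.
    function balance() public view returns (uint256) {
        return want.balanceOf(address(this));
    }

    // Deposit on behalf of `user`. Shares are minted from the measured balance
    // change; the guard ensures no nested deposit can run between the two
    // balance reads and inflate the amount credited.
    function depositFor(address user, uint256 amount) external nonReentrant {
        require(user != address(0), "zero user");
        uint256 before = balance();
        require(want.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = balance() - before;
        uint256 minted = (totalShares == 0 || before == 0)
            ? received
            : (received * totalShares) / before;
        totalShares += minted;
        shares[user] += minted;
    }

    // Withdraw: effects (burn shares) happen before the external interaction
    // (token transfer), following checks-effects-interactions.
    function withdraw(uint256 shareAmount) external nonReentrant {
        require(shares[msg.sender] >= shareAmount, "insufficient shares");
        uint256 amountOut = (balance() * shareAmount) / totalShares;
        shares[msg.sender] -= shareAmount;
        totalShares -= shareAmount;
        require(want.transfer(msg.sender, amountOut), "transfer failed");
    }
}
```

The guard alone would have blocked a nested call into depositFor; fixing the asset address removes the caller-controlled external call in the first place. Defense in depth applies both, and an auditor reviewing a vault should flag any deposit path where the contract being called is taken from user input or where a state update follows an external call.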
