Fantom DeFi Project Grim Finance Exploited for $30M

The hit was one of the largest on the Fantom blockchain.

AccessTimeIconDec 20, 2021 at 8:57 a.m. UTC
Updated May 11, 2023 at 6:59 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Yield compounding tool Grim Finance had $30 million worth of fantom tokens stolen from its protocol after an exploit on Sunday. The project took preventive measures to stop further damage.

“We inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attackers address has been identified with over 30 million dollars worth of theft here,” the project’s developers tweeted on Sunday morning. “The exploit was found in the vault contract so all of the vaults and deposited funds are currently at risk,” they said in a separate tweet.

Built on the Fantom Opera network, Grim Finance allows users to stake their liquidity pool tokens in what it calls Grim Vaults, automatically harvesting yields and re-staking rewards using strategies for even higher yields.

Liquidity pool tokens are provided to decentralized exchange users who supply their own liquidity in return for a token reward from the platform. Such exchanges are a subset of the decentralized finance (DeFi) market, which relies on smart contracts instead of middlemen for financial services such as lending, trading, and borrowing.

The ease of staking and harvesting increased yields on Grim Finance attracted over $100 million in user funds to the protocol, according to total value locked (TVL) metrics on analytics tool DeFi Llama. They remained safe until yesterday.

Attackers used a “reentrancy” exploit to steal funds from Grim Finance. Such an exploit is common on Solidity, the code behind the Ethereum and Fantom blockchains. It sees attackers manipulate data by interacting with the network and calling an untrusted contract, allowing them to gain control of the assets stored on whichever contact they exploited. This time, it was Grim Finance’s yield-compounding vaults.

The attackers took nearly $30 million in fantom tokens, data from Fantom blockchain explorers show. Much of that seems to have already been routed to other Fantom-based decentralized exchanges (DEX) such as AnySwap and SpookySwap, where the stolen tokens were exchanged for other tokens, such as USD coin, a dollar-pegged stablecoin, in one such instance.

Developers paused all vaults on Sunday to prevent further damages. They further informed USDC issuer Circle, AnySwap and Maker to freeze any assets related to the exploit.

The hack caused an exodus of total value locked on Grim Finance. Just $4.3 million remains in Grim Finance vaults, and TVL fell 84% in the past 24 hours.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about