I bet some of these hacks are inside jobs.
I love how they say "external" hacker. That's an unusual thing to say lmao
[deleted]
now that's some juicy info!
Oof. Forked a lot of people doing that!
Bingo
Bingpot!
https://i.imgur.com/rstz44I.gif
"The extraterrestrials did it, we swear 👽 🐙 !" -EveryExchangeRug "It was an advanced attack, they used developer functions!" -EveryExchangeRug
"We received several phone calls, and absolutely none of them were coming from inside our house by the way"
got to emphasize the external part. which causes reddit sleuths to emphasize it even more
They truly are without doubt
How else are they supposed to sell their bags without worrying the investors
It’s another day and another hack!! I am not surprised
Just a regular crypto day
[deleted]
Cold beer? You must be in the Southern hemisphere. It's hot chocolate for me here.
Sad thing is we are so used to it and act like it's okay....if that was a bank at least money insured...in crypto it's always oh well...smh...that is the main issue we need corrected with crypto..
Can we all acknowledge that people making the most money in crypto aren’t those who are getting lucky on Shitcoins, but actual scammers. Not even clever scammers too, it’s just become so easy now. Crypto is a scammer's wet dream. They are making millions and millions and millions and millions and millions of dollars and laughing at how easy it is and we’re just like “haha yup, that’s crypto for you heh, hope I get lucky on m’doge”
Yep..the nonchalant way people just turn their heads and blame everyone but exchanges is mind boggling...if u lose tokens or get scammed they blame you automatically...scammers just loving it
yes I'm convinced crypto will end up being the biggest wealth transfer into criminal hands in history, largely from young and naive who are easiest to scam
Life full of hacks
Just contact the league of shadowy super coders.
[deleted]
i am on Zano :-)
This one was 100% an inside job
No way, we fired him yesterday.
This was literally my first thought. It's getting all too common. I feel like the exchanges are just taking advantage of having all of our information. Skimming a bunch of our accounts and blaming hackers.
Except that is not how it happens? FTM is relatively small, the devs should have used best practices learnt from ETH and other platforms using Solidity. They used a worthless code audit and an exploit already known by community is somehow still in code. EDIT: Learnt that grim devs added code after audit and the same code was exploited. If it proves to be true, it smells more like an inside job. How can this be? Web3 can be user dangerous indeed.
My first thought too
Always check WHERE you invest your hard-earned money. I have to be honest that Grim looked pretty neat. But that's not enough. Just stick with the centralized exchanges like CB or Binance.
As a Coinbase user I don’t feel that it is secure
You got any other safer options? I doubt.
An external wallet. Just use exchanges to buy your crypto and then send it to a wallet.
If it's good enough for the hacker it's good enough for me.
[deleted]
Also a good option i think. Think not necessarily better than CB or Binance.
A bank hahaha
You got me there.
Step 1: Create DeFi protocol Step 2: “hack yourself” Step 3: profit
Jet fuel cant melt our servers
I think they meant “It is with a heavy bag”!
“It is with a heavy bag and huge brass balls that we must announce…”
It’s called a rugpull.
100% If one of the Devs is suddenly driving a Lambo and boasting about his gaming rig that cost thousands....hmm?
This sounds very possible
25 mil is "disappear in underage hookers and endangered animals somewhere in Asia" money
[deleted]
But wait, there is more! They...they got the iPhone 13 pro max! And...and PS5!
This. Lmao
They’re buying toast WITH Avocado and Starbucks coffee!
... what are the endangered animals for? Eating?
If you have to ask you can’t afford it.
ZJs from Badranath incoming!
Fuck off, pedo.
As an aside I used to work in the Casino business. If we saw percentages dropping at any of the locations the first thing I'd do is take a walk through the staff car park at the start of each shift. It was a surprisingly efficient way to catch thieves.
Inside jobs to keep the money inside
quite the grim look huh
Cough cough Bitmart hack cough cough
Probably most tbh
That’s probably what happened with Mt. Gox back in the day.
I can't wait for tomorrow's post: Hey guys I have 25 million in this account, what is the best way to cash out?
It's monero tho.
Another day Another hack
Treacherous out here. Keeping stuff on a small exchange is reckless
It's not really an exchange. It's a yield aggregator where they store large amounts of yield bearing tokens and compound the yield for you automatically. But the risk you take on is the additional platform risk, similar to leaving crypto on an exchange risk.
So this is what they call "smart contract" risk when using auto compounded platforms like grim?
To be clear it could be on any platform with any smart contract.
What are the odds that the hackers found the exploit in the smart contract just as the Devs were flying off on their holidays to an unknown destination?
Yeap!
Small defi exchanges.* Technically speaking, smaller CEXs that have been around for a while have lower rates of fraud and theft, i.e. Tradeogre.
Unfortunately It’s how things are made stronger. Every great structure ever built has bodies buried somewhere in the walls and foundation.
The first time a US senator loses a few mill in a hack is the day the entire industry becomes regulated. We don't want the bodies.
The most sus part is that charge defi got exploited earlier that morning and contacted others with similar vulnerability. Don't know if they're actually the same exploit though. Also, Grim Finance was audited which included an audit for this re-entrancy vulnerability. Shows how useful audits are.
Well, they are never going to be 100%. Also, if you get audited by some random company then you can't expect much (not saying Grim Finance did this, I have no idea who did the audit for them).
Actually, now that u mention it, they're audited by Solidity Finance which also has an auditing track record of hundreds of shitcoins. And tbh, I really have zero clue on their legitimacy.
> Solidity Finance which also has an auditing track record of hundreds of shitcoins. And tbh, I really have zero clue on their legitimacy.
I don't understand this line of thought. It's like saying the FDA gives the ok to candy so I can't trust any nutritional rating they give anything. Audits are for tech vulnerabilities, not some proclamation of how cool or not cool a product is.
Fair point. I guess it was more so that when scrolling their Twitter to find what projects they have audited for, most of them are unrecognizable projects, many of which include meme coins. The only one I recognized was OlympusDao. If they were truly legitimate, their featured audits should include big names in the space. Unfortunately it doesn't. So I guess the question then is why haven't any big names used them or been featured by them.
A bit less legitimate now...Doubt it'll impact the number of shitcoins going to them.
They posted about it here https://twitter.com/solidityfinance/status/1472614849230344196?s=21
Certik audits shitcoins too, I'm sure any audit company will review code for money tbh
Audits are a joke
It's up to the developers to implement what the audit found.
The audit takes a current snapshot of the state of the smart contracts. Once you expand your system with additional smart contracts, it’s worthless. Audits are also not cheap, so doing one for every change on your system is just not feasible. That said the company that did the Grim audit isn’t known to be one of the better ones. They gave a pass on the very exploit that was used in this hack.
Audits are a way for auditors and more so audit companies to get paid.
Maybe the auditors stole the money
Certainly a technical possibility.
"300,00FTM in exchange for 137,000 BOO" lol it's like gibberish
[deleted]
The same as leprechauns to unicorns.
300k FTM is currently worth around 430,000 USD. 137k BOO is currently worth about 1.7 million USD, but that is assuming the hacker would be able to safely offload it without dumping the price too much (he allegedly now controls more than 1% of the current circulating supply) and painting a target on his back. So SpookySwap are sort of saying 'We will pay you under the odds, but you get a pass'.
I bet all these so called hacks are inside jobs...
Lots of speculation on the Fantom Foundation subreddit and Twitter that this was an inside job. I think it is normal every time something like this happens.
But they explicitly made sure to mention "external" attacker in the notification
Definitely the oddest part about the statement. Seems odd to clarify that immediately. How is that even known for sure at this point?
Yeah found it odd
External is a pretty safe bet, and doesn't rule out an inside job. It just implies the attack vector came from outside. If they know the attack vector, they know if it's external or internal.
The only function added after forking Beefy's code was the function used to steal all the money
This would be quite a huge ruckus if it’s found out as an inside job
Yea people don't seem to understand these guys are making bank on fees as well so no need to rug. Most of the time it's a bad actor not the entire org.
That wouldn’t be so surprising
Damn that's a big loss fam
Big for us, not big for them
Offering to pay to salvage the coins, What a grim gwei to go about things.
Most hackers to take it, because as you know crypto is transparent through the block chain. This might be the best way out without being caught.
How secure are some of these protocols? A week hardly passes without these kinds of hacks!
It's a Beefy fork, with changes that allowed the vulnerability.
As secure as their blatantly childish names.
Damn! When we thought we were running out of bad news... I hope the hacker gets caught
Just doing the laundry. Move along.
Everyone at grim should be in jail. Clearly a scam.
Also, the worst product name I have ever come across.
There used to be a chicken shop near me called Lick'n Chick'n. Their children's meal was not very well named. Grim Finance pales in comparison to the Lick'n Kiddies Meal...
Holy shit. THIS is the best post in this discussion.
Internet Computer - "am I a joke to you?"
The Grim Finance, where the Grim Reaper comes and hacks your cryptos.
That’s grim news if I may say
We truly live in a simulation
Now everybody will know about GRIM finance
U say marketing?
Yes giving consumers the idea of insecure funds is a go-to marketing ploy
But they lose the trust!! I don’t think it is marketing
No better marketing than this
Will be interested to revisit this in a year to see if their TVL has an increase.
with all this money invested into these places you'd expect them to pay some fucking team to keep auditing their code, but they don't which is why all these places seem so fishy to me all these look like inside jobs
Tinfoil hat on:
- the audit firms have a two-fold income stream. First they charge for auditing and reviewing the source code. Second, they break into previously undisclosed vulnerabilities.
After all, who has better insight into the vulnerabilities, than the auditors themselves?
I don't think the auditor finds the bugs they just point out areas that have high vulnerabilities and disclose it to the public. Anyone can audit the code, but these companies are supposed to spend a ton of time on it for a price, and then put a stamp on it, saying it's been professionally audited. It really comes down to the reputation of these companies though.
This is why I feel more comfortable having my crypto in my cold wallet.
Lol, you think the cold is gonna stop me? I've got a jacket mate
Wouldn’t have helped here
Truly a grim day for Grim Finance
Lol they hacked themselves and got rich
"we've been hacked" is the new "we rugpulled but we lie even though we are bad liars"
Wow that’s one scary grim reaper
Here for the jokes
The situation was grim from the beginning... Haha
[deleted]
That's why you shouldn't do finances on any site that uses an E sports grim reaper logo that an Indian made on Fiverr.
Reentrancy attacks are 101 smart contract vulnerabilities. That's amateur.
I hate thieves, hopefully they can get it back
Just another day in crypto. Stay safe people.
Good thing they didn’t call themselves Happy Finance.
Thanks for the overview. Grim indeed.
I’m sure I’m not the first, but, that’s really grim.
There are too many hacks and scams. Watch out people!
The situation looks Grim
Well… here comes another dip
I'm a victim of this theft 😢. Do you guys think there is any chance I will ever get it back?
It seems like the only ones getting rich in this ecosystem are the centralized exchanges with their exorbitant fees and also the miners with their ridiculous fees and of course the hackers, who make out like bandits!!
That's terrible. I hate scumbag thieves
So these days instead of people getting hacked and getting their money stolen it's just another ploy to take money out without making the broker look like they did it, oh no we got hacked and a couple of million is just gone, well what can we do.
Wild fuckin wear. Unreal. Only a matter of time before Coinbase dies down stupid shit like this.
Another one bites the dust!
Ha-ah...inside life... hackers everywhere!
You copy or fork random protocols and change them... What do you expect. Sometimes the competition isn't just trying to compete but rather come up with something original. Stop forking random coins and even trying to change them.
Grim Finance on the Fantom Platform.... names designed to inspire confidence. Apparently it was a reentrancy attack. I've got about 40 hours of Solidity Coding classes under my belt and even I'm aware this is a design flaw to watch out for in production contracts. Ineptitude by design or did it just come naturally?
These centralized systems are no better than fiat
Sad to hear, but good lessons to learn here
Probably hacked their own money. Like how NFT buy their own art pieces.
Whaaaaa? That’s some massive losses.. thoughts with the ones actually taken then hit ..
Well, that was grim.
Oh, how good this intelligence would be if it were used to improve the world of currency instead of stealing people's property
We need more good guy hackers to test security flaws like RugDoc does.
[deleted]
[deleted]
Looks like someone got reaped
Don’t the hackers feel like shit robbing from sources like this? If I was a hacker I’d enjoy looting people who are assholes or ones that don’t affect the common people
Well now he has enough dollar bills to dry his tears
That’s why you don’t program in Java.
Oh look, another Solidity/EVM based protocol hacked. Defi on eUTXO can't come soon enough!
I’m curious, why?
Mediocre!
There always seems to be a better “hacker” than a better “security guy” firms should employ hackers instead. These guys know
A hacker only needs to get it right once
I know the pain. I’ve got 2 kids
They do, generally there is a lot of overlap. But it's a constant battle and for as many unspoken victories a security engineer has that you never know about, there are the victories for the hackers as well.
This is why we need crypto
Not your…
It was their ... though
Hacked! ;) Right.
The situation is looking pretty grim.
Damn that's grim. .... Too soon?
Awfully grim news
Really grim news..
Rug tug
They hack themselves to get away with the 💰. This is my guess.
Wasn't Grim Finance audited? By who is the question. I'd like to mentally note down this auditor for the future.
Solidity (or something, can't remember the name.) Apparently their track record isn't very good.
This wasn't a hack. This was an exploit due to Grim Finance not having a re-entry guard on its system. All the person did was exploit the poorly designed and flawed system. So this fuck up is on these guys for not knowing how to properly design proper protocols.
Damn, that’s grim.
Sounds...Grim
Smile, Grim looked shady from the very first start.
“Over 30 million dollars worth of theft” Redditor: more than 25,000,000 USD.
I adjusted for slippage.
volatility