← Grim Finance1 decision on this page

Audit log

Every state-changing event for Grim Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-21 03:21:08Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 421,119,814
sig
3mMP8AZgGpNe…4RL7LGQ6explorer ↗
hash
4XL42unt6FZb…1edqXcHHsha256 → base58
verifying row…full verify ↗
canonical bytes (6704 B) ▸
{"actor":"system:backfill","investigation_id":"5475bb6c-6b45-406c-9916-785317b085b9","kind":"publish","page_slug":"grim-finance","published_at":"2026-05-21T03:21:08.420Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Grim Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/12/20/fantom-defi-project-grim-finance-exploited-for-30m","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-grim-finance-lost-30m-in-5x-reentrancy-hack","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/analysis-of-the-grim-finance-hack-bc440108b069","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-grim-finance-hack-december-2021","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/grimfinancereentrancyattack.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.net/news/security/2913195/","type":"other","url":""},{"credibility":3,"name":"https://www.technologyforyou.org/30-million-stolen-from-defi-protocol-grim-finance-audit-firm-apologizes-for-missing-vulnerability/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-grim-finance-hack-december-2021","type":"other","url":""},{"credibility":3,"name":"https://www.defisafety.com/app/pqrs/423","type":"other","url":""},{"credibility":3,"name":"https://sourcehat.com/audits/GrimVaultV2/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/12/20/fantom-defi-project-grim-finance-exploited-for-30m","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/88727/grim-finance-hacked-30-million-fantom-tokens","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/grimfinancereentrancyattack.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@grimfinance11/grim-finance-update-to-exploit-15226e6df736","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/grimfinancereentrancyattack.php","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/grim-finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/grim-finance","type":"other","url":""},{"credibility":3,"name":"https://www.vidma.io/blog/the-grim-reaper-strikes-unraveling-the-30-million-grim-finance-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/12/20/fantom-defi-project-grim-finance-exploited-for-30m","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-grim-finance-hack-december-2021","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/grim-finance","type":"other","url":""},{"credibility":3,"name":"https://www.defisafety.com/app/pqrs/423","type":"other","url":""}]}],"sources_used":[],"summary":"Grim Finance was a Fantom-based DeFi yield optimizer (fork of Beefy Finance) that suffered a devastating reentrancy exploit on December 19, 2021, resulting in approximately $30 million in user funds stolen. The vulnerability — a missing reentrancy guard in the depositFor() function — had existed in an audited codebase and was classified by security researchers as an entirely preventable, well-understood attack class. The protocol has since collapsed to a near-zero TVL of roughly $29,000 and its proposed compensation plan yielded no meaningful restitution for affected users.","timeline":[{"date":"2021-08-01","event":"Solidity Finance conducts a smart contract audit of Grim Finance, approximately four months before the exploit. A new analyst performs the review while the firm's CTO is on vacation; the reentrancy vulnerability in depositFor() is not flagged.","source":""},{"date":"2021-12-19","event":"Attacker (address: 0xdefc385d7038f391eb0063c2f7c238cfb55b206c) exploits the GrimBoostVault depositFor() reentrancy vulnerability using a flash loan and a malicious token contract, draining approximately $30 million from Grim Finance vaults on Fantom.","source":""},{"date":"2021-12-19","event":"Grim Finance team pauses all vaults approximately six hours after the attack begins. The team notifies Circle (USDC), MakerDAO (DAI), and AnySwap to freeze attacker-linked addresses. The attacker has already begun converting and bridging stolen assets.","source":""},{"date":"2021-12-19","event":"Grim Finance TVL collapses from approximately $98.9 million to $4.2 million. The GRIM token falls approximately 81%, from $0.80 to $0.15. Rugdoc.io and other security watchdogs publicly criticize the lack of a basic reentrancy guard.","source":""},{"date":"2021-12-20","event":"Solidity Finance issues a public statement acknowledging the missed vulnerability, attributing it to internal organizational stress and a new analyst performing the review. CoinDesk, CoinTelegraph, and Decrypt report on the breach.","source":""},{"date":"2021-12-20","event":"Attacker alleged to have deposited approximately $3.3 million of stolen funds into Tornado Cash mixer, with additional funds bridged from Fantom to Ethereum mainnet via stablecoin conversions.","source":""},{"date":"2021-12-31","event":"Grim Finance publishes post-mortem and compensation plan announcing a new token airdrop (50% of platform revenues), 0.2% insurance fund, and NFT airdrops from partner Pod Town. Affected users must submit claims by January 7, 2022.","source":""},{"date":"2022-01-07","event":"Claim submission deadline for hack victims passes. No public reporting confirms material restitution was subsequently delivered.","source":""},{"date":"2022-03-17","event":"DeFiSafety publishes a Process Quality Review rating Grim Finance at 24% with a FAIL designation, citing inadequate security processes.","source":""},{"date":"2022-08-08","event":"U.S. Treasury OFAC sanctions Tornado Cash, the mixer allegedly used to launder a portion of the Grim Finance stolen funds.","source":""},{"date":"2026-05-01","event":"Grim Finance TVL sits at approximately $28,759 across six chains per DeFiLlama, reflecting a functionally abandoned protocol. No meaningful development activity or community engagement has been identified since early 2022.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 90126159-d8c6-4b85-b4b2-2d157c1e50f9

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.