GrimFinance lost $40 million due to a similar vulnerability as that tied to flash loans and liquidity.
Based on reports, the hacker stole a flash loan for 2 tokens and added liquidity on SpiritSwap. This enables the attacker to mint SPIRIT liquidity rewards and call for deposit from GrimFinance.
In addition to this, the sequence of several commands let the hacker gain control over various flash loaned tokens.
Note that the hacker used the Spirit LP token to make a re-deposit, which enabled him to stack a large amount of additional tokens.
On top of this, around 40 transactions were made during the hacking sequence and the estimated loss, includes Bitcoin and the wrapped Fantom tokens.
For instance, the funds have not yet been transferred to any exchange or address as the majority of funds are saved on only one address. Thus, it means that centralized exchanges could be able to limit the hacker's wallet just like the Poly.Network case.
Grim.Finance is not the first victim of attack. Vee.Finance was also hacked and $35 million was stolen from various cryptocurrencies.