Furucombo (DeFi) hacked loses $ 14 million

28 February 20213 years ago babelfish

The decentralized finance application (DeFi) Furucombo was stolen $ 14 million by a hacker who apparently used a fake contract to trick the app into believing it was an Aave v2 update. Furucombo later tweeted that the vulnerability had been fixed, but also confirmed that the hack had taken place …

UPDATE:

The Furucombo proxy was compromised and US $ 15m was affected. The Furucombo platform and user funds are now safe. We are working on a mitigation plan that we will share with the community as soon as possible.

– FURUCOMBO (@furucombo) February 27, 2021

If you love technical explanations Igor Igamberdiev of The Block research posted a pretty clear tweet about how this all happened.

So what happened to Furuсombo

An attacker using a fake contract made Furuсombo think that Aave v2 has a new implementation.
Because of this, all interactions with 'Aave v2' allowed transfers approved tokens to an arbitrary address. pic.twitter.com/gQVxJqiAmL

– Igor Igamberdiev (@FrankResearcher) February 27, 2021

This is the complete list of stolen tokens:

– 3,9k stETH – 2.4M USDC – 649k USDT – 257k DAI – 26 aWBTC – 270 aWETH – 296 aETH – 2.3k aAAVE – 4 WBTC – 90k CRV – 43k LINK – 7.3k cETH – 17.2M cUSDC – 69 cWBTC – 142.2 M BAO – 38.6k PERP – 30.4k COMBO – 75k PAID – 225k UNIDX – 342 GRO – 19k NDX

Many stable coins have disappeared, so, literally, cash….

Furucombo is a tool that allows users to group orders on various DeFi protocols and send them in a single transaction. With a graphically intuitive system it allows you to prepare complex transactions, including flash loans, to allow the most advanced traders to buy and sell crypto sets en bloc, even short (thanks to loans). Not a tool for everyone, despite the fact that the interface is actually at everyone's theoretical door.

Those who had used it in the past should check if Furucombo's addresses are still authorized to operate on their wallet and pay due attention, considering whether to cancel the authorizations granted, at least temporarily.

Telegram cryptocurrency group: https://t.me/TWOCBLConsulting

Thanks to our Telegram channel you can stay updated on the publication of new articles of Economic Scenarios.

⇒ Register now ⇐

The article Furucombo (DeFi) hacked loses 14 million dollars comes from ScenariEconomici.it .

This is a machine translation of a post published on Scenari Economici at the URL https://scenarieconomici.it/furucombo-defi-hackerta-perde-14-milioni-di-dollari/ on Sun, 28 Feb 2021 09:15:22 +0000.