DeFi Building Block Service Furucombo Exploited for $14M

Furucombo is a drag and drop tool that is used to create DeFi transactions that have been exploited. In addition, the attacker’s address has $14 million worth of various cryptocurrencies.

However, the exploiter utilized a fake contract to trick the application into thinking it was an Aave v2 update. And used this contract to move all approved tokens from Furucombo into their wallet. 

DeFi Transaction Batching Tool Exploited for $14M

Furucombo, a DeFi building block service has been exploited. Moreover, this attack is similar to the $20 million evil jar attack that struck Pickle Finance last year. Earlier this month, a $37 million evil spell exploit hit Alpha Finance. 

More so, in these evil contract exploits, an attacker develops a contract that fools a protocol into believing it belongs there, giving them access to protocol funds. 

In this case, the attacker tricked the Furucombo protocol into thinking that their contract was a new version of Aave. From there, instead of draining funds, the attacker instead transfers the funds of every user who had given the protocol token permissions. Later, Furucombo tweeted that the vulnerability had been fixed.

Even more, the attack comes at a time of wider reflection in the DeFi world on security and the utility of auditing companies. Moreover, in the last three months, three different auditing and code review services have emerged. Each with a different incentive model designed to energies dynamic security practices.

Recommended for You

• bEarn Fi Loses $11M in Latest Exploit of BSC DeFi Protocol
• Russia’s Top Crypto Exchange Website was Blocked by Telecom Regulator
• PancakeBunny Suffered a Lot Following $200M Flash Loan Exploit
• Is Binance Smart Chain Safe? Two Flash Loan Exploit in a Week

share