Furucombo, a service that allows you to group transactions and interactions in the space of decentralized finance, was attacked by hackers on Saturday evening.
According to the project developers, the attacker got about $15 million in ether and ERC20 tokens. The attack involved a fake smart contract, perceived by Furucombo as a new implementation of the Aave v2 DeFi protocol and used to withdraw available assets.
the Furucombo proxy was compromised. We have deauthorized the relevant components, " the developers wrote on Twitter, while asking users to withdraw the approved tokens and revoke the permissions.
Subsequently, they confirmed the discovery of the root cause of the incident and the elimination of the vulnerability. "The Furucombo platform and user tools are now secure. We are working on a response plan for the attack and will disclose it to the community as soon as possible, " they add.
Similar attacks were previously carried out by the DeFi projects Pickle Finance and Alpha Finance, when attackers managed to replace the original contracts with their own. In total, over $70 million was stolen in this way in a few months. In the case of Furucombo, however, the funds were not withdrawn from the contract, but from the wallets of users who granted the platform permission to interact with their tokens.