The Furucombo team reported that the attacker compromised the DeFi project’s proxy server, causing about $14 million in damage in Ethereum and ERC-20 tokens.
Today at 4:47 PM UTC the Furucombo proxy was compromised by an attacker. We have deauthorized the relevant components and believe the vulnerability to be patched but we recommend users remove approvals out of an abundance of caution.
– FURUCOMBO (@furucombo) February 27, 2021
Furucombo provides users with a tool that allows them to visually combine transaction chains with different DeFi protocols.
According to The Block researcher Igor Igamberdiev, the hacker used a fake contract, which made Furucombo decide that Aave v2 has a new implementation. This made it possible to transfer approved tokens to an arbitrary wallet when interacting with this DeFi protocol.
So what happened to Furucombo????
An attacker using a fake contract made Furucombo think that Aave v2 has a new implementation.
Because of this, all interactions with ‘Aave v2’ allowed transfers of approved tokens to an arbitrary address. pic.twitter.com/gQVxJqiAmL
– Igor Igamberdiev (@FrankResearcher) February 27, 2021
The expert gave a list of the stolen assets.
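The team's advice to remove approvals can be checked per wallet. The following is an added example, not Furucombo's code: it folds ERC-20 `Approval` events into the allowances a wallet still has open to one spender. All addresses and events are constructed placeholders.

```python
# Added example: which ERC-20 approvals to one spender are still open?
# Every address and event below is constructed for illustration.
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1  # the "unlimited" approval many dapps request

@dataclass(frozen=True)
class Approval:
    block: int
    log_index: int
    token: str    # token contract that emitted the event
    owner: str
    spender: str
    value: int

def open_allowances(events, owner, spender):
    """Return {token: value} from the latest Approval per token; 0 = revoked."""
    owner, spender = owner.lower(), spender.lower()
    latest = {}
    # Replay in chain order so a later revocation overrides an earlier grant.
    for ev in sorted(events, key=lambda e: (e.block, e.log_index)):
        if ev.owner.lower() == owner and ev.spender.lower() == spender:
            latest[ev.token.lower()] = ev.value
    return {tok: val for tok, val in latest.items() if val > 0}

def describe(value):
    return "unlimited" if value == MAX_UINT256 else str(value)

# Constructed placeholders, not real addresses.
WALLET = "0x" + "aa" * 20
PROXY = "0x" + "bb" * 20      # stands in for the compromised spender
OTHER = "0x" + "cc" * 20
DAI, USDC, WETH = ("0x" + c * 20 for c in ("d1", "d2", "d3"))

SAMPLE_EVENTS = [
    Approval(100, 0, DAI, WALLET, PROXY, MAX_UINT256),
    Approval(101, 2, USDC, WALLET, PROXY, 5_000_000),
    Approval(105, 1, USDC, WALLET, PROXY, 0),            # later revoked
    Approval(103, 0, WETH, WALLET, OTHER, MAX_UINT256),  # different spender
    Approval(110, 4, WETH, WALLET.upper().replace("0X", "0x"), PROXY, 10**18),
]

if __name__ == "__main__":
    for token, value in open_allowances(SAMPLE_EVENTS, WALLET, PROXY).items():
        print(f"revoke: token={token} allowance={describe(value)}")
```

Event replay only shows what was last approved. Spending through `transferFrom` can lower the remaining allowance without a new `Approval` event, so confirm each flagged token with its `allowance(owner, spender)` call before revoking with `approve(spender, 0)`.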