Exploiting and attacking the DeFi framework has been abundantly increasing over time as the DeFi market has been growing and has been attracting lots of new customers and capital. These attacks have been taking place constantly, and the latest attack happened yesterday with an estimated loss of over $14 million in crypto assets.
The attack on Furucombo
Furucombo is an Ethereum based app used for crypto transactions. The officials from Furucombo stated that their platform got hacked last morning, and they advised all their customers to cancel all their transaction approvals just to be safe.
This platform has been built for the end consumers in order to enhance their DeFi strategies. The system uses an easy drag and drop procedure, which by using, makes it accessible for the users to make and execute their own strategies, even for the customers who don’t know the ins and outs of coding.
The company said in a tweet that their platform experienced a hack and has taken care of the threat and hopes that the loophole would be fixed very soon, but they have still asked the users to cancel all their transaction approvals in order to keep them safe and to avoid any further losses. They also mentioned in their tweet that they are actively working on fixing the problem and will keep updating all their customers along the way.
How it happened
According to Igor Igamberdiev, a researcher from The Block, the hacker accessed the platform by exploiting the app’s smart contract to acknowledge and process a totally fake dataset, which belonged to Aave, a decentralized lending service. Aave makes it possible for its customers to get loans by putting in collateral. The hacker used that fake contract from Aave to get access to the contract and accomplished their task of stealing over $14 million in crypto.
The hacker got access to all the transactions which were approved by the customers already and made the smart contract system execute those transactions to their account and ending up with a massive amount of $14 million.
The CEO of the company, Hsuan-Ting, made it clear that the company accepts the responsibility of these attacks, and they are going to evaluate the losses and then come up with a plan to return the assets stolen from the customers back to them.