Furucombo, $15M hacked

[soliton]

Heads up.  Furucombo, Lego of DeFi, was hacked around 15 hrs ago. The cost of hacking is estimated at 15 million dollars in ETH and several tokens. Users have been  advised to cancel the tokens approval.

https://twitter.com/furucombo/status/1365805935109677056

[CuriousGeorge]

I kinda feel strange to see that when there's a platform got hacked and some money disappeared from the hot wallet and the platform says that if users fund now safe.
15 million USD was getting stolen by the hacker and probably some people may lose their money.

So many people being affected caused by their money got stolen by hacker. This garbage platform must die.

The hacker knows if tether can be frozen and he was converting all of assets without the possibility to be frozen. 15 million USD gone

[zasad@]

If you follow DeFi hacks, then bookmark this topic
DeFi hacks [history]
https://bitcointalk.org/index.php?topic=5267124.0

https://twitter.com/FrankResearcher/status/1365740713334493192

"So what happened to Furucombo👇

An attacker using a fake contract made Furucombo think that Aave v2 has a new implementation.
Because of this, all interactions with ‘Aave v2’ allowed transfers approved tokens to an arbitrary address."

[jacafbiz]

Furucombo team is one team I respected a lot for their work but anything hackable in this space will be hack it is just a matter of time, DEFI still carries a lot of risk and people need to factor that into is pricing with time when all these hacks have been studied very well we will see less of this high level hacks, I think teams should also incentives white hat hackers to hack their platforms instead of paying all these security firm money and tokens to audit their code and at the end of the day they still got hack

[tabas]

I don't know them but if this is another defi, the other defi should focused with their security. A lot of money are being stolen from different defi projects.
Most of the project makers should be wary about this and become more conscious when it comes to security of their platforms.

[bittick]

I don't know them but if this is another defi, the other defi should focused with their security. A lot of money are being stolen from different defi projects.
Most of the project makers should be wary about this and become more conscious when it comes to security of their platforms.

I guess the security already audited so many times but you can't say if that can be solved just use audit on the smartcontract.
Dude, any programmer and hackers have their own formula to test whether there's a vulnerability that is still available to be attacked or not.
As per zasad's said. The knows the loop hole of platform by creating the fake contract.

[tabas]

I don't know them but if this is another defi, the other defi should focused with their security. A lot of money are being stolen from different defi projects.
Most of the project makers should be wary about this and become more conscious when it comes to security of their platforms.

I guess the security already audited so many times but you can't say if that can be solved just use audit on the smartcontract.
Dude, any programmer and hackers have their own formula to test whether there's a vulnerability that is still available to be attacked or not.
As per zasad's said. The knows the loop hole of platform by creating the fake contract.

I'm only saying that they have to check their security. I know about hackers, they're also programmers but just chose to steal instead of doing the right thing.
And that loophole is part of security that they need to improve.

[Evilish]

Interestingly the hackers didn't (or couldn't) sweep any locked funds from Furucombo smart contract, but they were able to extract millions worth of tokens from wallets of users who had interacted with Furucombo smart contract.

Sucks for those who lost any money due to this vulnerability in the smart contract.

This is like the third or fourth smart contract hack I've seen in recent times. Doesn't make the case for DeFi on Ethereum blockchain any stronger in my eyes.

Pro-tip: Don't keep any tokens on your Metamask wallet (or whichever wallet you use to interact with smart contracts), and if you do, make sure your authorizations are clean after every interaction you do with any smart contract. Costly? Yes. But it's better to spend a few bucks than to lose everything you have stored.

[KaratX]

Wait, like is it DeFi projects the only projects available in crypto space? Why are hackers finding them easier to jailbreak? I don't believe in this hacks anymore, now it looks like a inside plan just to run away with investors fund in the name of got hacked 😏

[casperBGD]

Wait, like is it DeFi projects the only projects available in crypto space? Why are hackers finding them easier to jailbreak? I don't believe in this hacks anymore, now it looks like a inside plan just to run away with investors fund in the name of got hacked 😏

no, it does not have to be, and these are mostly not hacks, it is an exploit of flash loan mechanism, it is easier to call it hack, but could be called otherwise as well, although as hack would make the news portals easily, and as economic benefit probably not that easy
with all said, the amount exploited in DeFi hacks is not staggering, so that DeFi could go down because of that, and DeFi would survive all of this

high gas fees are making it harder for exploit and amount should go higher to have a good arbitrage chance at anything

I am not sure why all this does not happen on Binance smart chain, maybe because it is centralized and hackers know that exploits could be frozen

[Dave1]

Wait, like is it DeFi projects the only projects available in crypto space? Why are hackers finding them easier to jailbreak? I don't believe in this hacks anymore, now it looks like a inside plan just to run away with investors fund in the name of got hacked 😏

It's because hackers are always one step of the game, they really know how to find loopholes and exploits on Defi projects. I'm not sure if it will be good for them to just invented this hacks, but I have doubt that this is an inside job, they've intentionally do this.

It could be that the code has been audited by some third party, but it doesn't mean that it's completely out of reach from this hackers. It's just too bad to hear that investors lost a big amount of money to this criminals again and again.

[semobo]

It keeps remainding that defi projects also can be hacked and people could lose everything with the small vulnerability on the platforms, its time to realize that you need to hold your coins to feel it safer and don't keep investing your money to useless projects.

[bitcon]

It keeps remainding that defi projects also can be hacked and people could lose everything with the small vulnerability on the platforms, its time to realize that you need to hold your coins to feel it safer and don't keep investing your money to useless projects.

Now it is difficult to figure out which projects will be profitable and how to choose the right coin that will bring you the desired income. In DeFi, there is a huge chance of getting caught in a scam or bubble. We are observing very active growth and the emergence of more and more new projects, but the security of the DeFi sector has not yet kept pace with the development of the industry.

Many users are in a hurry to take part in DeFi-hype and do not even try to understand the coins they buy.

[Mahanton]

I kinda feel strange to see that when there's a platform got hacked and some money disappeared from the hot wallet and the platform says that if users fund now safe.
15 million USD was getting stolen by the hacker and probably some people may lose their money.

So many people being affected caused by their money got stolen by hacker. This garbage platform must die.

The hacker knows if tether can be frozen and he was converting all of assets without the possibility to be frozen. 15 million USD gone

We cant really remove the possibilities of these hacking events talking about probabilities of inside job.They do always really ending up on hacking incident
rather than saying that they had ran all of those funds to make it look realistic at all and since the characteristic of crypto when it comes to anonymity
and irreversible transactions then we can say that they can really cover up their own tracks and cherish out those millions after that.
I do feel sad to those investors who had trust up soo much with that Furucombo project and now its totally gone in a short span of time.