When it comes to the latest news from the cyber-attacks, the latest addition in the list from crypto-firms is Furucombo. It has been revealed that recently, the firm was attacked by a hacker and as a result, the hacker managed to steal a large amount from the firm.
The recent hack at the Furucombo platform has taken place due to the “Evil Contract” that was deployed by the hacker. This helped the hacker carry out his activities on the protocol and he was able to exploit $14 million worth of funds from the platform.
Furucombo is a tool that has been designed and developed to provide convenience to crypto-users. With the help of the tool, the users can batch transactions and can also interact/access several protocols at once. The protocols that the tool facilitates in access are from the decentralized finance (DeFi) sector.
However, it has been revealed that the Furucombo platform ended up falling prey to a cyber-attack. The attack on the Furucombo platform was carried out on February 27, 2021, at 4:45 pm (UTC). The attack carried out by the hacker was based on the token approvals given by the users.
The cyber-security teams currently investigating the hack have shared preliminary information on the matter. The team has revealed that the address used by the attacker shows that the hacker is various cryptocurrencies that sum up to a total of $14 million.
However, the teams are referring that the attack is not just limited to $14 million worth of cryptocurrencies. As per the investigation teams, the attack is of a much larger scale as it seems that the attackers are still being observed transferring ETH.
It has been revealed that the Ethereum (ETH) is being transferred to Tornado Cash, which is a privacy mixer. The firm has confirmed that the hackers have been transferring Ethereum over the last hour through the privacy mixer.
The attack that has been recorded for the Furucombo platform appears to be of the same scale as Pickle Finance. It was just last year when Pickle Finance had fallen prey to one of the cyber-hack exploits worth $20 million and it was called the “Evil Jar”.
Then there was another cyber-hack exploit that was experienced just last month for $37 million at Alpha Finance. When investigated, it was established that the exploit was named “Evil Contract”.
In these kinds of exploits, the hackers create a contract that is fake and is used only to fool and get past the protocol’s security checks. Once entered, the protocol pool starts perceiving it as a native contract and does not do anything about it.
Once that happens, the protocol ends up granting funds access to the evil contract and the hackers use it to exploit huge amounts from the protocol pools.