Decentralized finance (DeFi) application Furucombo lost $14 million after an exploiter used a fake contract to trick the dapp into thinking it was an Aave v2 update.
The exploiter used this contract to transfer approved tokens to its address, tweeted The Block Research’s Igor Igamberdiev on Saturday. The attack also affected DeFi protocol Cream Finance’s treasury funds, taking $1.1 million, according to a tweet from the protocol’s team.
Furucombo latertweeted that the vulnerability had been fixed.
Furucombo is a tool built for end-users to optimize their DeFi strategy simply by drag and drop. It visualizes complex DeFi protocols into cubes. Users setup inputs/outputs and the order of the cubes (a “combo”), then Furucombo bundles all the cubes into one transaction and sends out. You can learn more about Furucombo here : https://furucombo.app/explore