Furucombo, a DeFi batching tool, is the newest addition to the growing number of DeFi apps that have lost millions of dollars to an exploit. The team posted an update on the attack in a recent tweet on their Twitter account.
Furucombo is a DeFi app that functions as a gateway for the masses to enter into the DeFi world by allowing end-users to drag and drop various protocols onto a dashboard. It can be compared to building your own DeFi legos, but you don’t need to know how to code.
According to the latest update, the attacker launched an “evil contract” exploit that resulted in $15M in losses for the DeFi app. The attacker's contract tricked the app by posing as a new version of Aave. In their recent update, Furucombo stated that the issue has already been resolved.
The attack launched on Furucombo is similar to the $20 million “evil attacks” on Pickle Finance and the $37 million “evil spell exploit” on Alpha Finance.
The number of exploits has been on the rise and is still one of the major challenges of DeFi. Earlier this month, Yearn Finance, a DeFi platform, reportedly lost $2.8M in an exploit attack. According to research, 20 major protocol exploits happened in 2020 alone, resulting in a total loss of over $130M in funds.
DeFi projects rely on unaudited smart contracts that have vulnerabilities that bad actors can exploit. bZx, a DeFi lending protocol, fell victim to an exploit twice in a row in February 2020. The attacks happened less than a week apart. The exploits resulted in a total loss of $630K in ETH (Ether). And again, in September 2020, the platform lost $8.1 million in yet another exploit. In the case of Furucombo, instead of draining funds from the protocol, the attacker used the ability to transfer the funds of every user who had given the protocol token permissions.
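What "token permissions" expose in practice, as an added example that is not from the article or from Furucombo: an ERC-20 approval lets the approved spender move up to the approved amount of a holder's tokens, so a holder's exposure to a spender is the smaller of the live allowance and the balance. The event records, balances and the names `PROXY`, `TOKEN_A` and `TOKEN_B` are constructed placeholders.

```python
# Constructed sample data: ERC-20 Approval events (placeholder names, not real addresses).
APPROVALS = [
    {"block": 100, "log": 0, "token": "TOKEN_A", "owner": "alice", "spender": "PROXY", "value": 2**256 - 1},
    {"block": 101, "log": 3, "token": "TOKEN_A", "owner": "bob", "spender": "PROXY", "value": 300},
    {"block": 105, "log": 1, "token": "TOKEN_A", "owner": "bob", "spender": "PROXY", "value": 0},  # revoked
    {"block": 106, "log": 0, "token": "TOKEN_B", "owner": "carol", "spender": "PROXY", "value": 1000},
    {"block": 107, "log": 2, "token": "TOKEN_B", "owner": "dave", "spender": "OTHER_APP", "value": 1000},
    {"block": 108, "log": 0, "token": "TOKEN_B", "owner": "erin", "spender": "PROXY", "value": 50},
]
# Constructed current balances per (token, owner).
BALANCES = {("TOKEN_A", "alice"): 500, ("TOKEN_A", "bob"): 900,
            ("TOKEN_B", "carol"): 250, ("TOKEN_B", "dave"): 700, ("TOKEN_B", "erin"): 0}


def live_allowances(events, spender):
    """Return {(token, owner): allowance} still granted to `spender`.

    A later Approval overwrites an earlier one; a value of 0 is a revocation.
    Simplification: spending via transferFrom also lowers a finite allowance,
    so these figures are upper bounds; the token's allowance() is authoritative.
    """
    latest = {}
    for ev in sorted(events, key=lambda e: (e["block"], e["log"])):
        if ev["spender"] == spender:
            latest[(ev["token"], ev["owner"])] = ev["value"]
    return {key: value for key, value in latest.items() if value > 0}


def exposure(events, balances, spender):
    """Tokens `spender` could move per holder: min(allowance, balance)."""
    at_risk = {}
    for key, allowance in live_allowances(events, spender).items():
        amount = min(allowance, balances.get(key, 0))
        if amount > 0:
            at_risk[key] = amount
    return at_risk


if __name__ == "__main__":
    for (token, owner), amount in sorted(exposure(APPROVALS, BALANCES, "PROXY").items()):
        print(f"{owner}: up to {amount} {token} movable by PROXY; revoke if unused")
```

An unlimited approval, as in the first record, caps exposure only at the holder's balance, which is why revoking unused approvals matters after an incident like this one.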
Recently, efforts have been made to help combat security issues in DeFi projects by creating homegrown alternatives. ReviewsDAO, a simple forum for connecting security experts and projects looking for an extra set of eyes, was formed by Emiliano Bonassi earlier this month. In an interview with Cointelegraph, Bonassi stated:
“I think that now, after all the hacks we’ve had, we basically understand that if you have two audits, three audits, it doesn’t mean you’re safe.”
He further added that audits can be useful at this point but should not be treated as silver bullets.
The booming crypto industry has paved the way for a significant increase in the number of DeFi projects launched every day. But with the persistent issue of DeFi security caused by vulnerabilities in smart contract code, the number of exploits, hacks, and other security concerns will continue to rise as the DeFi ecosystem progresses.