Evil Contract Conceded, Furucombo Transaction Batching Protocol Misses $14 Million

Transaction Furucombo

KANALCOIN NEWS – The decentralized financial transaction batching protocol, Furucombo, reportedly missed $14 million in funds. This condition occurred after Furucombo was conceded by an evil contract scheme.

Through their official Twitter account, Furucombo stated that the system had been broken into by cyber thieves with an evil contract scheme. The attack occurred at 16.45 local time.

Furucombo itself is a tool designed to help users make transactions and interactions with more than one decentralized finance (DeFi) protocol at one time in real time.

Currently, Furucombo reportedly lost up to $ 14 million or around Rp. 200.70 billion due to the attack. However, other findings suggest that the amount taken could be greater than that amount.

The reason is, the thieves had transferred a certain amount of ETH to Tornado Cash’s privacy mixer in batches an hour later. The scheme carried out by the thieves seems quite cunning and evil.

The thieves who targeted the Furucombo used an evil contract scheme. In other words, the thieves create fake contracts to cheat the existing protocol. Thus, the protocol will believe that the contract is genuine and must be fulfilled.

When the protocol is trusted, the protocol will give access to the thief who made the malicious contract. Access granted by the protocol is access to the protocol’s funding resources. Thus, thieves can freely access the many funds owned by the protocol.

In this case, the thieves manipulated the Furucombo protocol to make the protocol think that the contract they had was a new version of Aave. However, oddly enough, the thieves have instead taken advantage of the ability to transfer funds from any user who has granted protocol token permission.

In fact, the previous thieves who also did the same thing preferred to drain all the funds in the protocol they had broken into.

The scheme was also commented on by the co-founder of DeFi Italy, Emiliano Bonassi. In an interview with Cointelegraph quoted by Kanalcoin.com, Bonassi said that limited access could allow thieves to delete all transactions in the protocol.

“Unlimited permissions mean you can delete everyone who interacted with Furucombo,” said Bonassi.

Theft schemes using evil contract strategies are currently on the rise in the DeFi world. Reportedly, more than $ 70 million or around IDR 1 trillion has been stolen in the past few months.

In addition to the attacks that hit Furucombo, previously there were also several attacks that were carried out against protocols with a similar concept. Last year, Pickle Finance lost $20 million after experiencing an evil jar attack.

Meanwhile, Alpha Finance also fell victim to an evil spell attack and lost around $37 million from their company.


Muhammad Zaki Fajrul Haq
Author: Muhammad Zaki Fajrul Haq

Follow me at @mzfajrulhaq (Instagram) or @ZakiFajrul (Twitter).

Notify of
Inline Feedbacks
View all comments