Transaction batching protocol Furucombo suffers $14 million “evil contract” hack
The latest attack relied on user permissions granted to the protocol The latest “evil contract” exploit has netted an attacker over $14 million in stolen funds. Furucombo, a tool designed to help users “batch” transactions and interactions with multiple protocols at once, fell victim to the attack which centered on token approvals from users. The attacker’s address currently has $14 million worth of various cryptocurrencies, but the attack appears to be larger as they have been transferring ETH to privacy mixer Tornado Cash in batches over the last hour. This attack is conceptually similar....
Related News
Hacked DeFi service Furucombo will issue "iou" tokens as part of its compensation plan to repay 22 affected users. Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds.Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO....
Ethereum defi protocol Cream Finance suffered an exploit yesterday that allowed attackers to steal $130 million from its holdings. The news was first revealed by Peckshield, a blockchain analytics company that discovered a flash loan had exploited the platform. This is the third hack the protocol has suffered in its history, being exploited for $36 and $29 million before, respectively.
Cream Finance Hacked Yet Again
Cream Finance, an Ethereum-based lending and borrowing protocol, suffered an exploit that allowed the hackers to steal $130 million worth of ether and ERC-20 tokens.....
Zabu Finance, a decentralized yield farming protocol on Avalanche, suffered the first big hack related to the chain. The protocol was the victim of an exploit that allowed an attacker to steal $3.2 million in tokens, according to reports. The core of the exploit happened due to a vulnerability in the design of the Spore token, which allowed the minting of 4.5 billion zabu that were successfully withdrawn from the platform, taking the value of the currency to 0.
Zabu Finance Suffers First Big Avalanche Hack
Zabu Finance, a yield farm decentralized protocol built on top of the Avax....
Rari's RGT token is plummeting on the news. After a $11 million attack earlier today, Rari Capital is the latest decentralized finance (DeFi) protocol to fall victim to a high-priced exploit The platform, which builds optimized yield vaults and boutique lending pools, confirmed the attack in a Tweet and said that a full postmortem is forthcoming:There has been an exploit in the Rari Capital ETH Pool related to our @AlphaFinanceLab integration. The rebalancer has removed all funds from Alpha in response. We are currently investigating the situation and a full report will be shared once....
Though a "prime suspect" has been identified, how will the protocol make itself whole? In one of the largest exploits of the DeFi era, this morning an attacker successfully drained over $37 million from Alpha Homora by leveraging Cream’s Iron Bank protocol-to-protocol lending platform. Alpha Finance Lab, whose protocol was audited by Quantstamp and Peckshield, announced on Twitter this morning that they were aware of an attack, that the “loophole” that allowed it had been patched, and that the team had a “prime suspect”:Dear Alpha community, we've been notified of an exploit on Alpha....