DeFi Protocols Hacked - Massive Losses - News-Credit-Mortgage-Coin


Car donation, Insurance, Credit, Money, news

Coin Market

Sunday, February 28, 2021

DeFi Protocols Hacked - Massive Losses


Two DeFi protocols have been attacked today. Attackers targeted FuruCombo (COMBO) and ArmorFi (ARMOR).

FuruCombo (COMBO) is an integrated Ethereum-based DeFi product that focuses on building Lego-like structures, "combinations" that allow users to provide liquidity and use multiple intermediaries for the decentralized exchange. Today, $ 14 million has fallen into the hands of attackers from this protocol.

Fake AaveV2 Stole FuruCombo's Liquidity

Earlier in the morning today, FuruCombo (COMBO) notified its users that part of its ecosystem has been compromised. All affected items were immediately de-authorized. Also, FuruCombo told its customers to carry their tokens.

Today at 4:47 PM UTC the Furucombo proxy was compromised by an attacker. We have deauthorized the relevant components and believe the vulnerability to be patched but we recommend users remove approvals out of an abundance of caution.

FuruCombo (COMBO) reported a $ 15 million loss due to the attack. Later, the team admitted that $ 15 million in various assets were inaccessible. That's why FuruCombo will announce a "mitigation plan". Some users lost hundreds of thousands of dollars, according to Twitter comments. Cryptocurrency researcher Igor Igamberdiev, known for examining attacks on DeFi protocols, reported that an attacker made FuruCombo (COMBO) tools to handle the impersonator contract as a new implementation of the AaveV2 protocol.

Attackers Launches Fake AaveV2 Contract

According to Igamberdiev, hackers smuggled money for 21 assets worth more than $ 14 million during the attack.
This Is Not The FirstTwo weeks ago, on February 13, 2021, CREAM DeFi's project, IronBank, lost more than $ 37,500,000 due to a flash-credit attack that affected five protocols.
At the same time, ArmorFi (ARMOR), a multipurpose DeFi protocol, reported an attack with an unusual design. According to its official statement, hackers used "social engineering" to steal Armor's funds.
An attacker impersonated an influential OTC investor on Discord. It reached out to two members of the ArmorFi team to close transactions hastily. One of the "non-developer" team members has been selected as escrow. Attackers then sent fake evidence of completed transactions.
As a result, more than 600 Ethereum entered the pockets of scammers. Meanwhile, some commentators on Crypto Twitter also suspect a scam. Analyst Taha Zafar realized that ArmorFi is not preparing an ICO or a special sale. So the whole story about large-scale OTC deals sounds "funny" to him.

No comments:

Post a Comment