DeFi building block service Furucombo exploited for $14M

Furucombo, a drag and drop tool for users to create DeFi transactions, has been exploited.

The exploiter has stolen roughly $14M in ETH and ERC-20 tokens. According to The Block Research's Igor Igamberdiev, the exploiter used a fake contract to trick Furuсombo into thinking that Aave v2 had a new implementation and used this contract to transfer all approved tokens from Furucombo into their wallet.

According to a tweet from Furucombo, the project "believe" that the vulnerability has been patched and is "working on the next steps and will update our community as soon as we can."