Decentralized bundling service and exchange Furucombo has suffered a breach leading to over $15 million in funds being stolen.
The Furucombo Twitter team announced the hack on Feb. 27. In the announcement, the team specified that the Furucombo proxy was attacked and compromised around 5pm UTC. The company confirmed that the vulnerability has been patched and that the components have been deauthorized.
Furucombo also advised users of the exchange to remove their token approvals on the site as a cautionary measure.
$15 Million Taken
On Feb. 28, the team confirmed that the hack totaled $15 million in stolen funds. However, Furucombo also confirmed that user funds are now safe. The company is working on a mitigation plan that it will share in the future. No timeline was specified.
One unlucky user of Furucombo commented on the update by the exchange stating that they had lost $197,000 in USDT from the hack. He queried how the company expects to compensate him. In reply, a member of the Furucombo marketing team commented with the mitigation plan that will be shared with the community in due time.
The latest hack follows a plethora of compromised projects over the course of the last year. DeFi projects in particular have suffered dramatically from smart contract exploits.
DeFi and DEXs Continue to Struggle with Security
The list of projects that have suffered from hackers reads like a book. Akropolis, for example, fell victim to a hacker who siphon $2 million from the project. This occurred even though there were multiple audits on the targeted savings pools.
Harvest Finance saw $24 million worth of value stolen from their farms last year. Popular and well known decentralized exchange SushiSwap saw a specific trading pair on its platform hacked for $103,000. While the DEX at the time claimed that the threat was simply a smart scavenger, the scavenger was picking up food that had been left behind.
Either way, it appears that DeFi smart contracts and DEXs still have a way to go to secure their operations. Hackers are becoming more knowledgeable on how smart contracts operate. These projects must hire the best in the business to prevent the loss of client funds.
Popular DeFi education platform DeFi Prime reached out to inform anyone who has used the service to make use of Revoke.Cash and revoke all allowances for the address of the hacker.
The constant security issues and exploitations will continue to hurt the cryptocurrency space along with the future of decentralized finance.