the attacker stole over $14 million in crypto during the hack using this wallet. the attacker ‘tricked’ the furucombo protocol into thinking that their contract was a new verison of aave. from there, instead of draining funds from the protocol as in previous evil contract exploits, the attacker instead leveraged the ability to transfer the funds of every user who had given the protocol token permissions. this attack is conceptually similar to the $20 million “evil jar” attack on pickle finance and the $37 million “evil spell” exploit of alpha finance. in these “evil contract” exploits, an attacker creates a contract that fools a protocol into believing it belongs there, giving them access to protocol funds.
Realated Organizationcrypto hacks