Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds.

Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool.

Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to a 360-day linear-vesting period, starting from March 1. According to an announcement, Furucombo expects to create and distribute the recovery pool in April following the completion of audits.

Source: Furucombo

COMBO token holders are incentivized to share fees collected on Furucombo and participate in governance. At publishing time, COMBO token is trading at $2.85, down about 3.4% over the past 24 hours. On the day of the hack, the token traded at $5.22, according to data from CoinMarketCap.

As previously reported, Furucombo suffered a contract exploit on Feb. 27, with the attacker using a fake contract to trick the protocol into thinking that their contract was a new version of Aave. In an official post-mortem on March 1, Furucombo said that the breach affected 22 users, resulting in a loss worth $15 million in 21 different assets. The stolen assets included major DeFi coins like Bao Finance (BAO), COMBO, Curve DAO (CRV), as well as popular stablecoins like Tether (USDT) and USD Coin (USDC), Furucombo told Cointelegraph.

Furucombo lost a further $1.74 million in working capital during the exploit. “We have decided to keep the remaining funds to sustain the project and office operations and ensure we are able to continue our commitment to the COMBO community,” the team wrote.

Furucombo has reported the issue to law enforcement and has started cooperating with smart contract analytics service Certora to receive a full audit for the incident.