Conic Finance, a liquidity pool balancing platform associated with the decentralized finance (DeFi) protocol Curve, has recently fallen victim to an exploit on the Ethereum omnipool, resulting in a loss of $3.26 million in Ether (ETH).
As of July 21, the value of ETH has dipped to $1,892, following the incident, according to Beosin Alert, a Web3 risk-alert source.
Beosin Alert’s data revealed that the majority of the stolen cryptocurrency was consolidated and transferred to a new Ethereum address in a single transaction, hinting at the sophistication of the attack.
Etherscan’s analysis of the address highlighted the involvement of a flashloan exploit on Coin ETH Pool.
Promptly responding to the breach, Conic Finance took to Twitter to confirm the news and assured users that they are actively investigating the exploit. They promised to share updates as soon as they become available.
Peckshield, a blockchain security firm, conducted an initial analysis of the incident, which revealed that the root cause of the exploit originated from the new CurveLPOracleV2 contract.
READ MORE; Bitcoin Mining Companies Employ Derisking Strategies, Offload BTC to Exchanges
Interestingly, their audit had already identified a similar read-only reentrancy issue, but it was noted that the newly introduced CurveLPOracleV2 contract, which was not part of the audit scope, was the source of the vulnerability.
Within an hour of the initial report, Conic Finance took further precautionary measures and disabled ETH Omnipool deposits on their platform’s front end.
Curve Finance, associated with Conic Finance, confirmed the situation and informed users that only the ETH omnipool was affected.
Unfortunately, DeFi hacks have become increasingly common within the industry.
A recent report by De.Fi, a Web3 portfolio app, highlighted that in the second quarter of 2023 alone, hackers managed to steal more than $204 million through various DeFi hacks and scams.
Despite this alarming figure, the losses from DeFi exploits and scams in Q2 were comparatively lower than those recorded in Q1, with CertiK reporting a staggering $320 million lost from January to March.
In conclusion, the exploit on Conic Finance’s liquidity pool has resulted in substantial losses, raising concerns about the security and vulnerability of DeFi protocols.
With the industry continuously evolving, it is crucial for platform developers and security firms to work together to address and prevent such incidents to safeguard users’ funds and maintain trust in the DeFi ecosystem.
Other Stories:
Bitcoin Mining Companies Employ Derisking Strategies, Offload BTC to Exchanges
Robert F. Kennedy Jr. Pledges to Back US Dollar with Bitcoin if Elected President
