DeFi Protocol Conic Finance Suffers $3.25M Exploit
Decentralized finance (DeFi) protocol Conic Finance has lost over 1,726 Ethereum (ETH) worth around $3.25 million to hackers due to issues arising from an Oracle contract.
DeFi protocols aim to distribute power among the community instead of concentrating it on a few individuals or entities. But frequent exploits are acting as a hindrance to the scalability of DeFi.
Conic Finance Investigates Exploit of ETH Omnipool
Conic Finance said it is investigating an exploit on the ETH Omnipool. Omnipools are liquidity pools for the Curve Finance ecosystem for allocating single underlying assets across various Curve pools.
The screenshot below shows that the hacker stole over 1,727 ETH, worth over $3.25 million.
What Caused Attack?
According to the blockchain security firm PeckShieldAlert, the exploit was due to issues originating from the new CurveLPOracleV2 contract. The community criticized the project for using non-industry standard Oracle infrastructure.
Earlier in May, Jimbos Protocol also faced criticism for the idea of an Oracle-less project. The project lost around $7.5 million to hackers.
Later, Conic Finance updated that they were fixing the affected contract, and only the ETH Omnipool was drained. It also informed the users that the withdrawals were safe for them. The DeFi protocol wrote:
“The root cause was a re-entrancy attack that was able to be performed because of a wrong assumption as to what address is returned by the Curve Meta Registry for ETH in Curve V2 pools.”
It is worth noting that Conic Finance celebrated a 234% surge in the Total Value Locked (TVL) this week. But by Friday, the TVL sharply plummeted from around $156 million to $111.24 million.
Also, the price of native token CNC is down by more than 21% in the past 24 hours.
Got something to say about Conic Finance or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.
For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.
