Hack: DeFi Conic protocol loses over $3M in Ethereum

Conic Financea platform that enables liquidity providers from diversify their exhibition several Curve poolshas undergone attack up to 3.2 million dollars on his omnipool Ethereum.

A hacker managed to steal over $3 million in ethers on the decentralized finance protocol Conic this Friday, reported startups specializing in blockchain cybersecurity.

More reports, Conic Finance quickly tweeted on the subject:

We are currently investigating an exploit involving the ETH Omnipool and will share updates as they become available,” wrote the team behind the project.

According to BlockSecthe main cause of the hacking is a oracle price manipulation enabled by a read-only reentrance, a type of attack infamously popular in the DeFi ecosystem.

“Based on the initial analysis of the malicious tx, our initial analysis shows that the root cause comes from the new contract CurveLPOracleV2. Our audit identifies a similar problem of read-only reentrance. However, the same problem is introduced in the new CurveLPOracleV2 contract, which was not part of the audit scope”, tweeted Peckshield.

The Curve Finance protocol confirmed that the problem was related to Ethereum omnipool. At the same time, Conic disabled the ETH depots.

Followed with Conic on this one. Issue was identified, only ETH omnipool is affected there https://t.co/dhuCKfuWC8

– Curve Finance (@CurveFinance) July 21, 2023

The TVL of Conic Finance, which posted $155 million yesterday, dropped below $125 million this Friday, according to data provided by Defillama.

To follow theCrypto news and Web3find Corners.en on TwitterLinkedin, Facebook or Telegram