Conic Finance, a DeFi protocol managed by Curve DEX, has suffered a significant exploit in which a hacker made off with 1700 ETH, valued at more than $3.2 million.
Security experts from BlockSec revealed that the attacker exploited a reentrancy flaw within Conic Finance to drain funds from the protocol. This flaw allowed the attacker to repeatedly call a function within a single transaction, thus withdrawing more funds than authorized.
The attack unfolded when the hacker executed a flash loan attack on Conic at 6:35 am ET, borrowing 20,000 staked ether. The funds were sent to Conic’s price oracle, which relied on a third-party “read-only” smart contract, the weak point that made the reentrancy attack possible. This tactic allowed the hacker to increase their profit using the flash-loaned stETH, further worsening the breach.
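A simplified model of the read-only reentrancy pattern described above, added here as an illustration and not Conic's or Curve's code; `Pool`, `naive_oracle`, `guarded_oracle` and all balances are constructed assumptions. It shows a view function reporting an inflated price while a withdrawal is mid-flight, and an oracle that refuses to read while the pool's lock is held.

```python
class ReentrantRead(Exception):
    """Raised when a price is requested while the pool is mid-operation."""

class Pool:
    # Hypothetical two-asset pool; the lock guards writes but not the view.
    def __init__(self, eth, token, lp_supply):
        self.eth, self.token, self.lp_supply = eth, token, lp_supply
        self.locked = False

    def virtual_price(self):
        # "Read-only" view: no lock check, so it can run during a withdrawal.
        return (self.eth + self.token) / self.lp_supply

    def remove_liquidity(self, lp_amount, on_receive_eth):
        if self.locked:
            raise RuntimeError("reentrant write")
        self.locked = True
        share = lp_amount / self.lp_supply
        eth_out, token_out = self.eth * share, self.token * share
        self.lp_supply -= lp_amount   # LP supply is reduced first
        self.eth -= eth_out
        on_receive_eth()              # external call hands control to the receiver
        self.token -= token_out       # token balance is only updated afterwards
        self.locked = False

def naive_oracle(pool):
    # Trusts the view unconditionally.
    return pool.virtual_price()

def guarded_oracle(pool):
    # Mitigation: reject reads while the pool's state is inconsistent.
    if pool.locked:
        raise ReentrantRead("pool is mid-operation")
    return pool.virtual_price()

def observe_during_withdrawal(oracle):
    """Return the price seen before, during and after a withdrawal."""
    pool = Pool(eth=1000.0, token=1000.0, lp_supply=2000.0)  # constructed values
    seen = {}
    def callback():
        try:
            seen["mid"] = oracle(pool)
        except ReentrantRead:
            seen["mid"] = None        # the guarded oracle refused to price
    before = oracle(pool)
    pool.remove_liquidity(1000.0, callback)
    return before, seen["mid"], oracle(pool)
```

With these numbers the naive oracle sees 1.0, then 1.5 inside the callback, then 1.0 again, while the guarded oracle returns no price at all during the callback.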
In response to the notification of the hack, Conic announced that it is actively investigating the exploit. The protocol pledged to provide regular updates to keep its users informed as the situation unfolds. Within an hour of its initial announcement, the protocol announced that it “disabled” its ETH Omnipool deposits service.
Conic Finance is a user-friendly tool that aims to help liquidity providers diversify their exposure across various Curve pools. The platform offers a Conic Omnipool, allowing users to distribute their funds across different Curve pools based on protocol-controlled pool weights. This means that any user can contribute liquidity to the Conic Omnipool.
This attack on Conic comes in the wake of a hack on another DeFi protocol, Rodeo Finance. The hack happened on July 11, 2023, and resulted in a substantial loss of $888,000 for the protocol. The hacker also exploited a programming error within the protocol’s oracle to manipulate an asset’s price.
The attack on Rodeo Finance was categorized as a “ForceInvestment” hack by PeckShield. The perpetrator used a method that DeFi protocols commonly employ to calculate an asset’s average price over a specific time frame, a calculation intended to reduce price fluctuations caused by market volatility.