Conic Finance Confirms Other Liquidity Pools Not Affected By Hack

Key Points:

• DeFi protocol Conic Finance suffered an exploit, allowing attackers to grab over 1,700 ETH worth over $3.2 million from its Omnipool.
• The root cause of the attack was a “re-entrancy attack” resulting from a wrong assumption in the Curve Meta Registry for ETH in Curve V2 pools.
• Conic Finance is actively addressing the issue, deploying a fix for the affected contract, and ensuring the safety of user withdrawals.

In the latest announcement from Conic Finance, the DeFi protocol provided a detailed status update regarding the recent exploit that led to the loss of over 1,700 Ether (ETH), valued at over $3.2 million.

The root cause of the attack was identified as a “re-entrancy attack,” which exploited a wrong assumption about the address returned by the Curve Meta Registry for ETH in Curve V2 pools.

The re-entrancy attack is a well-known vulnerability in smart contracts that allows attackers to repeatedly call a protocol, tricking it into transferring assets. In this case, the attacker took advantage of a discrepancy in the price data provided by the oracle, enabling them to manipulate the pricing system and withdraw the stolen funds.

Conic Finance has been proactively addressing the issue and is deploying a fix to the affected contract to prevent further exploits. The protocol has confirmed that the exploit cannot be performed again on the ETH Omnipool, and user withdrawals are secure. Additionally, they assured the community that no other Conic Omnipools were affected by this particular issue.

The incident highlights the significance of oracle systems in DeFi, as they provide real-time price data for various assets. However, they also present a potential attack vector for hackers seeking to exploit vulnerabilities in the system.

This exploit came shortly after another DeFi platform, Sturdy Finance, suffered a similar oracle manipulation attack that resulted in an $800,000 loss. These incidents underscore the importance of ongoing vigilance and security measures within the DeFi ecosystem.

Conic Finance aims to provide a more detailed post-mortem analysis of the exploit soon, shedding light on the specific factors that allowed the re-entrancy attack to occur and the measures taken to prevent such occurrences in the future.

As the DeFi space continues to evolve, ensuring the security and integrity of protocols remains a top priority to safeguard user funds and foster trust in the ecosystem.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.