Key Points:
The root cause of the attack was identified as a “re-entrancy attack,” which exploited a wrong assumption about the address returned by the Curve Meta Registry for ETH in Curve V2 pools.
Re-entrancy is a well-known vulnerability in smart contracts that allows attackers to repeatedly call a protocol, tricking it into transferring assets. In this case, the attacker took advantage of a discrepancy in the price data provided by the oracle, enabling them to manipulate the pricing system and withdraw the stolen funds.
Conic Finance has been proactively addressing the issue and is deploying a fix to the affected contract to prevent further exploits. The protocol has confirmed that the exploit cannot be performed again on the ETH Omnipool, and user withdrawals are secure. Additionally, they assured the community that no other Conic Omnipools were affected by this particular issue.
The incident highlights the significance of oracle systems in DeFi, as they provide real-time price data for various assets. However, they also present a potential attack vector for hackers seeking to exploit vulnerabilities in the system.
This exploit came shortly after another DeFi platform, Sturdy Finance, suffered a similar oracle manipulation attack that resulted in an $800,000 loss. These incidents underscore the importance of ongoing vigilance and security measures within the DeFi ecosystem.
Conic Finance aims to provide a more detailed post-mortem analysis of the exploit soon, shedding light on the specific factors that allowed the re-entrancy attack to occur and the measures taken to prevent such occurrences in the future.
As the DeFi space continues to evolve, ensuring the security and integrity of protocols remains a top priority to safeguard user funds and foster trust in the ecosystem.