Hackers steal $3.2 million worth of Ethereum from Conic Finance’s DeFi protocol
Decentralized finance (DeFi) protocol Conic Finance has lost more than $3.2 million worth of Ether (ETH) in two separate hacking incidents in recent days.
The first attack, which occurred on Friday of last week, was described by the Conic Finance team as a “re-entry attack” that exploited a vulnerability in Curve V2 pools, earning the attacker 1,700 ETH tokens.
“A fix to the affected contract is being implemented,” the team wrote.
The team assured the community that the exploit “cannot be redone” for the same Omnipool and said that “no other Conic Omnipool is affected by this issue.”
However, a few hours later, the team again reported that they had suffered an exploit, this time draining roughly $300,000 worth of tokens from the crvUSD Omnipool.
“In response to this and given today’s ETH exploit, we are immediately enforcing maximum security measures and temporarily shutting down all Omnipools,” said a new tweet from Conic Finance.
The team emphasized that the second attack was “unrelated to the ETH Omnipool re-entry exploit.”
Two ‘extremely difficult’ days
in an autopsy update Posted after the two attacks, the Conic Finance team admitted that the past two days have been “extremely difficult.”
“We are devastated by this situation and will do everything in our power to recover the stolen funds,” the team said.
The postmortem update appeared to partly blame the two attacks on Curve, saying of the second incident that interaction with “unbalanced groups of Curve” caused the vulnerability.
Curve is a decentralized exchange (DEX) for stablecoins that uses the Automated Market Maker (AMM) model to manage liquidity.
“While we had some mechanism in place to ensure we didn’t interact with unbalanced Curve pools, the limits we had set were not strict enough and allowed the attacker to slowly drain pool funds,” the team wrote.
Despite this, the update also said that members of the Curve team “deserve recognition for their tremendous help and support.”
Conic Finance is a relatively new DeFi project, and the protocol token, CNC, is currently only listed on MEXC and CoinEx, plus a few decentralized exchanges.
At press time on Monday, the CNC token is down 45% over the last 7 days, CoinGecko data showed.