Curve omnipool platform Conic Finance hacked for $3.2 million in ETH

7


Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.

Conic Finance has been exploited for $3.26 million in Ether (ETH), the Web3 risk-alert source Beosin Alert reported on July 21. Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction, according to data provided by Beosin.

Transactions on the address involving a flashloan exploit on Coin ETH Pool. Source: Etherscan

Conic Finance was quick to confirm the news on Twitter, stating that the platform is currently investigating the exploit and will share updates as soon as they are available.

Related: DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K

According to the initial analysis provided by the blockchain security firm Peckshield, the root cause came from the new CurveLPOracleV2 contract.

“Our audit identifies a similar read-only reentrancy issue. However, the same issue is introduced in the newly introduced CurveLPOracleV2 contract, which was not part of the audit scope,” Peckshield wrote.

This is a developing story, and further information will be added as it becomes available.

Magazine: Hall of Flame: Wolf Of All Streets worries about a world where Bitcoin hits