• Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has been hacked for $3.2M in ETH on July 21st.
• The root cause of the exploit was the new CurveLPOracleV2 contract according to initial analysis by Peckshield.
• DeFi hacks and scams allowed hackers to steal more than $204 million in Q2 alone according to a report by Web3 portfolio app De.Fi.
Conic Finance Hacked for $3.2M
Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on Ethereum omnipool leading to stolen cryptocurrency worth of $3.26 million in Ether (ETH). Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address with flashloan exploit on Coin ETH Pool as reported by Beosin Alert on July 21st.
Root Cause of Exploit
According to initial analysis provided by blockchain security firm Peckshield, the root cause came from the new CurveLPOracleV2 contract which wasn’t part of the audit scope. Conic Finance disabled ETH Omnipool deposits immediately after confirming that only ETH Omnipool is affected with this issue following their investigation process.
DeFi Hacks and Scams
DeFi hacks have become common in this industry as per Web3 portfolio app De.Fi’s report which states that more than $204 million was lost due to such hacks and scams during second quarter of 2023 itself which is lesser than first quarter losses of over $320 million as reported by CertiK during January-March period earlier this year.
Social Media Confirmation
Conic Finance confirmed news about hack via Twitter and also mentioned that updates will be shared soon after they become available following investigations process while Curve Finance also confirmed it shortly after initial reports revealed details about attack involving flashloan exploit as mentioned above.