Conic Finance, a protocol-based platform Curve omnipool, suffered a massive hack, resulting in the loss of over $3.2 million in ETH (Ether). According to the first analyzes carried out by Peckshield, a company specializing in blockchain security, the cause of this attack is linked to the new version of the CurveLPOracleV2 contract.
Conic Finance confirms the attack and launches an investigation
The Conic Finance platform, which balances pools of liquidity to the decentralized finance protocol (DeFi) Curvewas the victim of an attack on the Ethereum omnipool.
On July 21, Web3 risk alert source Beosin Alert reported that Conic Finance suffered a $3.26 million Ether (ETH) hack. According to data provided by Beosin, almost all of the stolen cryptocurrency was sent to a new Ethereum address in a single transaction.
Conic Finance quickly confirmed the news on Twitterstating that the platform is currently investigating the attack and will share updates as they become available.
According to an initial analysis provided by blockchain security firm peck shieldthe main cause would come from the new contract CurveLPOracleV2.
“Following our audit, we detected a similar issue of reentrancy in read-only mode. However, this same problem appeared with the new CurveLPOracleV2 contract, which was not initially included in the scope of the audit” revealed Peckshield.
About an hour after the initial report of the attack, Conic Finance also announced have disabled ETH Omnipool deposits on the Conic user interface.
Curve Finance subsequently communicated on this subject, indicating that the problem had been identified and that only the ETH omnipool was concerned.
Rise of DeFi attacks growing industry concern
Attacks on DeFi protocols are not a new phenomenon in the industry. According to a report by Web3 wallet app De.Fi, DeFi attacks and scams have allowed hackers to steal more than 204 million dollars in the second quarter of 2023 alone.
However, losses from DeFi attacks and scams were, in fact, lower in the second quarter compared to the first, with CertiK reporting that over $300 million disappeared between January and March.
To close, it is important to recall a significant event of May 2023: the security incident that shook Ede Finance. This DeFi project, operating on the Arbitrum platform, has come under considerable attack. An individual presenting as a white hati.e. an ethical hacker, has stolen no less than $580,000 to the platform.
Source : Cointelegraph