Crypto Daily
2023-07-22 12:30:00

Conic Finance Becomes Latest DeFi Protocol To Suffer Exploit

DeFi protocol Conic Finance revealed that it had suffered an exploit, with the attacker draining over 1700 ETH worth $3.6 million from one of its Omnipools. Conic Finance is a liquidity pool balancing platform for the decentralized finance protocol Curve. Details Of The Hack According to security firm BlockSec, the attack’s root cause was price manipulation caused by “read-only reentrancy.” Reentrancy is a common bug that allows attackers to exploit smart contracts by tricking them into making repeated calls to the targeted protocol and stealing its assets. A call is an authorization for a smart contract to interact with a user’s wallet address. Web3 risk-alert source Beosin stated that a single transaction sent nearly the stolen amount to a new Ethereum address. Conic Finance reached out to users, tweeting they were investigating the exploit and would share updates soon. “We are currently investigating an exploit involving the ETH Omnipool and will share updates as soon as they are available.” Security firm PeckShield also analyzed the attack, revealing the root cause to be originating from the protocol’s new CurveLPOracleV2 contract. The firm tweeted, “Hi, @ConicFinance. Based on the initial analysis from the malicious tx, our initial analysis shows the root cause comes from the new CurveLPOracleV2 contract. FWIW, our audit identifies a similar read-only reentrancy issue. However, the same issue is introduced in the newly introduced CurveLPOracleV2 contract, which was not part of the audit scope.” Curve has also been following up with Conic Finance, stating that the primary issue had been identified and only the ETH Omnipool was impacted. “If you have funds on @ConicFinance please remove! There seem to be an attack, which though doesn't drain all in one go” Conic later tweeted a detailed version of events, stating that they were alerted of an exploit impacting the $crvUSD Omnipool, adding they had taken all possible safety measures to limit the attack. “Roughly four hours ago, we were alerted of an exploit affecting the $crvUSD Omnipool. In response to this and given today’s ETH exploit, we immediately enforced maximum safety measures and temporarily shut down all Omnipools.” DeFi Hacks A Major Problem The decentralized finance ecosystem has been plagued by a series of high-profile hacks impacting several major projects. A report by Web3 portfolio application De.Fi highlighted the scale of the problem. The reports stated that DeFi hacks and scams resulted in attackers stealing over $200 million in the second quarter of 2023 alone. However, losses to DeFi hacks were smaller in Q2 when compared to Q1 of 2023, with CertiK reporting that protocols lost over $320 million between January and March. Conic Finance had only recently gone live, allowing users to deposit tokens into their Omnipools. Omnipools allowed users to diversify their exposure across the Curve ecosystem and also increased rewards. After going live, Conic Finance was able to attract millions of dollars in capital, highlighting the huge demand for such a product. Conic’s Omnipools work by allocating the liquidity of a single asset across multiple Curve pools. Curve liquidity provider (LP) tokens are staked on Convex, boosting CRV rewards. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Crypto 뉴스 레터 받기
면책 조항 읽기 : 본 웹 사이트, 하이퍼 링크 사이트, 관련 응용 프로그램, 포럼, 블로그, 소셜 미디어 계정 및 기타 플랫폼 (이하 "사이트")에 제공된 모든 콘텐츠는 제 3 자 출처에서 구입 한 일반적인 정보 용입니다. 우리는 정확성과 업데이트 성을 포함하여 우리의 콘텐츠와 관련하여 어떠한 종류의 보증도하지 않습니다. 우리가 제공하는 컨텐츠의 어떤 부분도 금융 조언, 법률 자문 또는 기타 용도에 대한 귀하의 특정 신뢰를위한 다른 형태의 조언을 구성하지 않습니다. 당사 콘텐츠의 사용 또는 의존은 전적으로 귀하의 책임과 재량에 달려 있습니다. 당신은 그들에게 의존하기 전에 우리 자신의 연구를 수행하고, 검토하고, 분석하고, 검증해야합니다. 거래는 큰 손실로 이어질 수있는 매우 위험한 활동이므로 결정을 내리기 전에 재무 고문에게 문의하십시오. 본 사이트의 어떠한 콘텐츠도 모집 또는 제공을 목적으로하지 않습니다.