Curve Conic Finance omnipool platform hacked for $3.2 million in ETH
According to Peckshield's initial analysis, the root cause of the Conic Finance hack was the new CurveLPOracleV2 contract.
News
Join us on social networks
Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.
Conic Finance was mined for $3.26 million in Ether (ETH), Beosin Alert, the Web3 risk alert source, reported on July 21. Almost the entire amount of stolen cryptocurrency was sent to a new Ethereum address in a single transaction, according to data provided by Beosin.
Address transactions involving flashloan exploit on Coin ETH Pool. Source: EtherscanConic Finance was quick to confirm the news on Twitter, stating that the platform is currently investigating the exploit and will share updates as they become available.
According to initial analysis provided by blockchain security firm Peckshield, the root cause came from the new CurveLPOracleV2 contract.
“Our audit identified a similar read-only reentrancy issue. However, the same issue is introduced in the new CurveLPOracleV2 contract, which was outside the scope of the audit,” Peckshield wrote.
About an hour after the initial report of the attack, Conic Finance also reported that the platform had disabled ETH Omnipool deposits on the Conic front-end.
Related:
According to Peckshield's initial analysis, the root cause of the Conic Finance hack was the new CurveLPOracleV2 contract.
News
Join us on social networks
Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.
Conic Finance was mined for $3.26 million in Ether (ETH), Beosin Alert, the Web3 risk alert source, reported on July 21. Almost the entire amount of stolen cryptocurrency was sent to a new Ethereum address in a single transaction, according to data provided by Beosin.
Address transactions involving flashloan exploit on Coin ETH Pool. Source: EtherscanConic Finance was quick to confirm the news on Twitter, stating that the platform is currently investigating the exploit and will share updates as they become available.
According to initial analysis provided by blockchain security firm Peckshield, the root cause came from the new CurveLPOracleV2 contract.
“Our audit identified a similar read-only reentrancy issue. However, the same issue is introduced in the new CurveLPOracleV2 contract, which was outside the scope of the audit,” Peckshield wrote.
About an hour after the initial report of the attack, Conic Finance also reported that the platform had disabled ETH Omnipool deposits on the Conic front-end.
Related:
What's Your Reaction?
