Hackers stole $3.2 million worth of Ethereum from Conic Finance DeFi protocol.

The Conic Finance DeFi Protocol Faces Devastating Hacking Attacks

The blockchain industry is no stranger to hacking incidents, and the decentralized finance (DeFi) protocol Conic Finance has recently fallen victim to two separate attacks, resulting in the loss of over $3.2 million worth of Ether (ETH). These attacks have not only highlighted the vulnerabilities of decentralized platforms but have also raised concerns about the security of the blockchain industry as a whole.

The First Attack: Exploiting a Vulnerability in Curve V2 Pools

The initial attack occurred last Friday when Conic Finance experienced what is known as a “re-entrancy attack.” This type of attack takes advantage of a smart contract that hands control to external code before it has finished updating its own state, allowing the attacker to repeatedly re-enter the contract and drain funds in the process. In this case, the attacker exploited a vulnerability in Curve V2 pools, resulting in the theft of 1,700 ETH.

To address the issue, the Conic Finance team is deploying a fix for the affected contract. They have assured the community that the exploit cannot be repeated for the same Omnipool and that no other Conic Omnipools have been compromised. However, these measures were not enough to prevent a second attack.

The Second Attack: Draining Tokens from the crvUSD Omnipool

Within hours of the first attack, the Conic Finance team reported a second exploit. This time, approximately $300,000 worth of tokens were drained from the crvUSD Omnipool. In response to this attack and the earlier ETH exploit, the team implemented maximum safety measures and temporarily shut down all Omnipools. Importantly, they emphasized that the second attack was unrelated to the ETH Omnipool’s re-entrancy exploit, indicating that multiple vulnerabilities were present.

“In response to this and given today’s ETH exploit, we immediately enforced maximum safety measures and temporarily shutdown all Omnipools,” a new tweet from Conic Finance said.

A post-mortem update by the Conic Finance team admitted that these past two days have been “extremely difficult.” The team expressed their devastation and pledged to do everything in their power to recover the stolen funds. Furthermore, they partially attributed the blame for both attacks to Curve, a decentralized exchange (DEX) for stablecoins that utilizes the automated market maker (AMM) model.

The Role of Curve in the Vulnerability

According to the post-mortem update, the Conic Finance team suggested that the interaction with “imbalanced Curve pools” caused the vulnerability. Curve’s AMM model manages liquidity but, in this case, interacting with pools that were not properly balanced allowed the attacker to slowly drain funds. The team acknowledged that the mechanisms they had in place to prevent interaction with imbalanced Curve pools were insufficient. However, they also acknowledged the significant help and support provided by Curve’s team members throughout the ordeal, lauding their efforts.

“While we did have some mechanism in place to ensure we did not interact with imbalanced Curve pools, the bounds that we had set were not tight enough and allowed the attacker to slowly drain funds from the pool,” the team wrote.
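The failure mode the team describes, a per-interaction balance bound that is too loose, can be modelled in a few lines. This is an added example, not Conic's code: the loss model (loss = amount × deviation), the function names and the sample figures are all assumptions constructed for illustration.

```python
# Simplified model (an assumption, not Conic's contract logic): every accepted
# interaction with a pool whose price deviates from the reference price costs
# the protocol amount * deviation. Integer math, prices scaled by 1_000_000.

BPS = 10_000  # basis points in 100%


def deviation_bps(pool_price: int, reference_price: int) -> int:
    """Absolute deviation of the pool price from the reference, in basis points."""
    return abs(pool_price - reference_price) * BPS // reference_price


def run_gate(interactions, reference_price, max_deviation_bps, loss_budget=None):
    """Replay interactions through a per-call bound and an optional cumulative budget.

    Returns (accepted_count, cumulative_loss, paused).
    """
    accepted, loss, paused = 0, 0, False
    for pool_price, amount in interactions:
        dev = deviation_bps(pool_price, reference_price)
        if dev > max_deviation_bps:
            continue  # per-call bound rejects a visibly imbalanced pool
        step_loss = amount * dev // BPS
        if loss_budget is not None and loss + step_loss > loss_budget:
            paused = True  # circuit breaker: halt before the budget is exceeded
            break
        accepted += 1
        loss += step_loss
    return accepted, loss, paused


# Constructed sample: 10 interactions against a nearly balanced pool (10 bps off),
# then 40 against a pool held 250 bps off the reference, 100_000 units each.
REFERENCE = 1_000_000
SAMPLE = [(1_001_000, 100_000)] * 10 + [(1_025_000, 100_000)] * 40

if __name__ == "__main__":
    print("loose bound (300 bps):", run_gate(SAMPLE, REFERENCE, 300))
    print("tight bound (50 bps): ", run_gate(SAMPLE, REFERENCE, 50))
    print("loose bound + budget: ", run_gate(SAMPLE, REFERENCE, 300, loss_budget=10_000))
```

With the loose bound every interaction passes individually while the losses accumulate; the tight bound rejects the imbalanced pool outright, and the cumulative budget pauses the gate even when the per-call bound is loose.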

Challenges for Conic Finance and the Wider DeFi Community

Conic Finance, being a relatively new DeFi project, is facing significant challenges following these hacking attacks. The value of its token, CNC, has dropped by 45% in the past seven days, as reported by CoinGecko. This not only demonstrates the financial impact on Conic Finance but also highlights the potential reputational damage that such incidents can have.

These attacks on Conic Finance serve as a reminder that security vulnerabilities persist within the blockchain industry. While the decentralized nature of blockchain technology provides several advantages, it also presents unique challenges when it comes to safeguarding funds and protecting user data. The constant evolution of attack techniques requires continuous efforts to improve security measures.

Summary

The recent hacking attacks on Conic Finance have exposed vulnerabilities in the blockchain industry, particularly within the DeFi sector. Exploiting a vulnerability in Curve V2 pools, the attackers were able to drain millions of dollars worth of ETH tokens from Conic Finance. Subsequently, another attack targeting the crvUSD Omnipool resulted in further financial losses.

Conic Finance has placed some of the blame on Curve, highlighting the need for tighter security measures in interoperable systems within the decentralized ecosystem. These incidents serve as a reminder that the blockchain industry must continuously evaluate and enhance security protocols to protect users and their assets.

The aftermath of these attacks will undoubtedly test the resilience of Conic Finance and the wider DeFi community. However, it is through such challenges that the industry can learn and grow, strengthening its defenses against would-be attackers.
