Hackers stole $3.2 million worth of Ethereum from Conic Finance DeFi protocol.

Hackers stole $3.2 million worth of Ethereum from Conic Finance DeFi protocol.

The Conic Finance DeFi Protocol Faces Devastating Hacking Attacks

Source: Pixabay

The blockchain industry is no stranger to hacking incidents, and the decentralized finance (DeFi) protocol Conic Finance has recently fallen victim to two separate attacks, resulting in the loss of over $3.2 million worth of Ether (ETH). These attacks have not only highlighted the vulnerabilities of decentralized platforms but have also raised concerns about the security of the blockchain industry as a whole.

The First Attack: Exploiting a Vulnerability in Curve V2 Pools

The initial attack occurred last Friday when Conic Finance experienced what is known as a “re-entrancy attack.” This type of attack takes advantage of a vulnerability in smart contracts, allowing the attacker to repeatedly enter and exit a contract, draining funds in the process. In this case, the attacker exploited a vulnerability in Curve V2 pools, resulting in the theft of 1,700 ETH tokens.

To address the issue, the Conic Finance team is deploying a fix for the affected contract. They have assured the community that the exploit cannot be repeated for the same Omnipool and that no other Conic Omnipools have been compromised. However, these measures were not enough to prevent a second attack.

The Second Attack: Draining Tokens from the crvUSD Omnipool

Within hours of the first attack, the Conic Finance team reported a second exploit. This time, approximately $300,000 worth of tokens were drained from the crvUSD Omnipool. In response to this attack and the earlier ETH exploit, the team implemented maximum safety measures and temporarily shut down all Omnipools. Importantly, they emphasized that the second attack was unrelated to the ETH Omnipool’s re-entrancy exploit, indicating that multiple vulnerabilities were present.

“In response to this and given today’s ETH exploit, we immediately enforced maximum safety measures and temporarily shutdown all Omnipools,” a new tweet from Conic Finance said.

A post-mortem update by the Conic Finance team admitted that these past two days have been “extremely difficult.” The team expressed their devastation and pledged to do everything in their power to recover the stolen funds. Furthermore, they partially attributed the blame for both attacks to Curve, a decentralized exchange (DEX) for stablecoins that utilizes the automated market maker (AMM) model.

The Role of Curve in the Vulnerability

According to the post-mortem update, the Conic Finance team suggested that the interaction with “imbalanced Curve pools” caused the vulnerability. Curve’s AMM model manages liquidity but, in this case, interacting with pools that were not properly balanced allowed the attacker to slowly drain funds. The team acknowledged that the mechanisms they had in place to prevent interaction with imbalanced Curve pools were insufficient. However, they also acknowledged the significant help and support provided by Curve’s team members throughout the ordeal, lauding their efforts.

“While we did have some mechanism in place to ensure we did not interact with imbalanced Curve pools, the bounds that we had set were not tight enough and allowed the attacker to slowly drain funds from the pool,” the team wrote.

Challenges for Conic Finance and the Wider DeFi Community

Conic Finance, being a relatively new DeFi project, is facing significant challenges following these hacking attacks. The value of its token, CNC, has dropped by 45% in the past seven days, as reported by CoinGecko. This not only demonstrates the financial impact on Conic Finance but also highlights the potential reputational damage that such incidents can have.

These attacks on Conic Finance serve as a reminder that security vulnerabilities persist within the blockchain industry. While the decentralized nature of blockchain technology provides several advantages, it also presents unique challenges when it comes to safeguarding funds and protecting user data. The constant evolution of attack techniques requires continuous efforts to improve security measures.

Summary

The recent hacking attacks on Conic Finance have exposed vulnerabilities in the blockchain industry, particularly within the DeFi sector. Exploiting a vulnerability in Curve V2 pools, the attackers were able to drain millions of dollars worth of ETH tokens from Conic Finance. Subsequently, another attack targeting the crvUSD Omnipool resulted in further financial losses.

Conic Finance has placed some of the blame on Curve, highlighting the need for tighter security measures in interoperable systems within the decentralized ecosystem. These incidents serve as a reminder that the blockchain industry must continuously evaluate and enhance security protocols to protect users and their assets.

The aftermath of these attacks will undoubtedly test the resilience of Conic Finance and the wider DeFi community. However, it is through such challenges that the industry can learn and grow, strengthening its defenses against would-be attackers.

We will continue to update Phone&Auto; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

DeFi

Matter Labs steps back as zkSync launches ecosystem portal managed by DappRadar.

Matter Labs proudly unveiled the zkSync ecosystem portal, a groundbreaking initiative that will be expertly overseen ...

DeFi

Memecoin mania hits Base: Obscure tokens surge due to rug pulls and FOMO

Enthusiastic traders have enthusiastically embraced the latest memecoin craze, spurred by the introduction of new tok...

DeFi

Upbit stops fake APT token flood, resumes services.

Upbit, the leading crypto exchange, announces the successful resolution of the issue related to a counterfeit APT tok...

DeFi

$204M lost in Q2 DeFi hacks and scams.

More than 25% of the lost funds were caused by problems related to controlling access, while exploits and rugpulls we...

Markets

Bitcoin's stable price may cause ETH, XRP, LDO, and RNDR to experience breakouts.

Bitcoin, Ethereum, XRP, Lido, and Render are maintaining their levels of support, indicating that some traders may be...

News

Vitalik Buterin's Bold Redesign for Ethereum Staking - Get Ready for a Game-Changing UTXO Payment Model!

Vitalik Buterin emphasizes the need to improve Ethereum's staking process to promote better mining and staking groups.