Hackers stole $3.2 million worth of Ethereum from Conic Finance DeFi protocol.
Hackers stole $3.2 million worth of Ethereum from Conic Finance DeFi protocol.
The Conic Finance DeFi Protocol Faces Devastating Hacking Attacks
The blockchain industry is no stranger to hacking incidents, and the decentralized finance (DeFi) protocol Conic Finance has recently fallen victim to two separate attacks, resulting in the loss of over $3.2 million worth of Ether (ETH). These attacks have not only highlighted the vulnerabilities of decentralized platforms but have also raised concerns about the security of the blockchain industry as a whole.
The First Attack: Exploiting a Vulnerability in Curve V2 Pools
The initial attack occurred last Friday when Conic Finance experienced what is known as a “re-entrancy attack.” This type of attack takes advantage of a vulnerability in smart contracts, allowing the attacker to repeatedly enter and exit a contract, draining funds in the process. In this case, the attacker exploited a vulnerability in Curve V2 pools, resulting in the theft of 1,700 ETH tokens.
To address the issue, the Conic Finance team is deploying a fix for the affected contract. They have assured the community that the exploit cannot be repeated for the same Omnipool and that no other Conic Omnipools have been compromised. However, these measures were not enough to prevent a second attack.
The Second Attack: Draining Tokens from the crvUSD Omnipool
Within hours of the first attack, the Conic Finance team reported a second exploit. This time, approximately $300,000 worth of tokens were drained from the crvUSD Omnipool. In response to this attack and the earlier ETH exploit, the team implemented maximum safety measures and temporarily shut down all Omnipools. Importantly, they emphasized that the second attack was unrelated to the ETH Omnipool’s re-entrancy exploit, indicating that multiple vulnerabilities were present.
- Elon Musk renames Twitter to X, sparking many wannabe tokens.
- Terra interim CEO’s progress constantly derailed by accusations.
- Solana’s Parrot Protocol proposes to remove tokens, putting investors at risk of -89% returns.
“In response to this and given today’s ETH exploit, we immediately enforced maximum safety measures and temporarily shutdown all Omnipools,” a new tweet from Conic Finance said.
A post-mortem update by the Conic Finance team admitted that these past two days have been “extremely difficult.” The team expressed their devastation and pledged to do everything in their power to recover the stolen funds. Furthermore, they partially attributed the blame for both attacks to Curve, a decentralized exchange (DEX) for stablecoins that utilizes the automated market maker (AMM) model.
The Role of Curve in the Vulnerability
According to the post-mortem update, the Conic Finance team suggested that the interaction with “imbalanced Curve pools” caused the vulnerability. Curve’s AMM model manages liquidity but, in this case, interacting with pools that were not properly balanced allowed the attacker to slowly drain funds. The team acknowledged that the mechanisms they had in place to prevent interaction with imbalanced Curve pools were insufficient. However, they also acknowledged the significant help and support provided by Curve’s team members throughout the ordeal, lauding their efforts.
“While we did have some mechanism in place to ensure we did not interact with imbalanced Curve pools, the bounds that we had set were not tight enough and allowed the attacker to slowly drain funds from the pool,” the team wrote.
Challenges for Conic Finance and the Wider DeFi Community
Conic Finance, being a relatively new DeFi project, is facing significant challenges following these hacking attacks. The value of its token, CNC, has dropped by 45% in the past seven days, as reported by CoinGecko. This not only demonstrates the financial impact on Conic Finance but also highlights the potential reputational damage that such incidents can have.
These attacks on Conic Finance serve as a reminder that security vulnerabilities persist within the blockchain industry. While the decentralized nature of blockchain technology provides several advantages, it also presents unique challenges when it comes to safeguarding funds and protecting user data. The constant evolution of attack techniques requires continuous efforts to improve security measures.
Summary
The recent hacking attacks on Conic Finance have exposed vulnerabilities in the blockchain industry, particularly within the DeFi sector. Exploiting a vulnerability in Curve V2 pools, the attackers were able to drain millions of dollars worth of ETH tokens from Conic Finance. Subsequently, another attack targeting the crvUSD Omnipool resulted in further financial losses.
Conic Finance has placed some of the blame on Curve, highlighting the need for tighter security measures in interoperable systems within the decentralized ecosystem. These incidents serve as a reminder that the blockchain industry must continuously evaluate and enhance security protocols to protect users and their assets.
The aftermath of these attacks will undoubtedly test the resilience of Conic Finance and the wider DeFi community. However, it is through such challenges that the industry can learn and grow, strengthening its defenses against would-be attackers.
We will continue to update Phone&Auto; if you have any questions or suggestions, please contact us!
Was this article helpful?
93 out of 132 found this helpful
Related articles
- DeFi Protocol Conic Finance hacked for 1,700 Ether.
- Centralized exchanges will be DeFi gateways: Finance Redefined
- DeFi Parrot project seeks vote on $70M treasury and PRT token.
- Crypto liquidity network embraces DeFi with StarkWare
- Coin Center and Blockchain Association criticize US Senate DeFi bill as ‘unworkable’.
- Binance report: Liquid staking leads DeFi.
- DeFi liquidity protocol integrates Consensys-developed zkEVM rollup Linea