Curve omnipool platform Conic Finance hacked for $3.2 million in ETH

Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.

Conic Finance has been exploited for $3.26 million in Ether (ETH), the Web3 risk-alert source Beosin Alert reported on July 21. Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction, according to data provided by Beosin.

<em>Transactions on the address involving a flashloan exploit on Coin ETH Pool. Source: Etherscan</em>

Conic Finance was quick to confirm the news on Twitter, stating that the platform is currently investigating the exploit and will share updates as soon as they are available.

Related: DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K

According to the initial analysis provided by the blockchain security firm Peckshield, the root cause came from the new CurveLPOracleV2 contract.

“Our audit identifies a similar read-only reentrancy issue. However, the same issue is introduced in the newly introduced CurveLPOracleV2 contract, which was not part of the audit scope,” Peckshield wrote.

This is a developing story, and further information will be added as it becomes available.

Magazine: Hall of Flame: Wolf Of All Streets worries about a world where Bitcoin hits