How Hackers Pilfer $3.26 Million From Protocol
Conic Finance, a major player in the DeFi industry, has faced a setback following an exploit that targeted the ETH Omnipool within the Curve Finance ecosystem. DeFi has been praised for its potential to distribute power among communities, but recent exploits have raised concerns about scalability.
On Friday, the Beosin Alert reported that a significant amount of cryptocurrency was stolen and sent to a new Ethereum address in a single transaction. The hacker managed to steal 1,727 ETH, valued at $3.26 million.
Conic Finance promptly confirmed the news on Twitter and assured the public that they are actively investigating the exploit and will provide updates as they become available.
Seems @ConicFinance was exploited for $3.26M in tx: https://t.co/K0VjnFprAE
The stolen funds were sent to 0x3d32C5a2E592c7B17e16bdDc87EAb75f33ae3010 pic.twitter.com/mZr4MOkMQF
— Beosin Alert (@BeosinAlert) July 21, 2023
Non-Industry Standard Oracle Infra Draws Criticism
The exploit was traced back to issues originating from the new CurveLPOracleV2 contract. The community criticized Conic Finance for employing non-industry standard Oracle infrastructure, which may have contributed to the vulnerability.
Unfortunately, such incidents are not isolated within the DeFi space, as other projects like Jimbos Protocol have also suffered significant losses due to exploits. This raises concerns about the overall security and viability of Oracle-less approaches.
As of today, the market cap of cryptocurrencies stood at $1.16 trillion. Chart: TradingView.com
To its credit, Conic Finance took swift action to address the issue. They conducted a thorough investigation and acknowledged the exploit, ensuring that the affected contract was fixed.
The exploit was identified as a “re-entrance attack,” facilitated by a mistaken assumption regarding the address returned by the Curve Meta Registry for ETH in Curve V2 pools.
DeFi Breach: Native Token CNC Takes A Hit
As a result of the exploit, the ETH Omnipool experienced a significant loss of funds, leading to a sharp decline in the Total Value Locked (TVL).
Earlier that week, Conic Finance had experienced a remarkable 234% surge in TVL, but this figure quickly dropped from around $111 million to $50.03 million, illustrating the severity of the impact.
Moreover, Conic Finance’s native token CNC also suffered a significant blow, with its price plunging by over 54% in the past 24 hours.
CNC price in red in all timeframes. Source: Coingecko
These developments have undoubtedly shaken investor confidence in the project, emphasizing the need for the Conic Finance team to adopt more robust security measures.
DeFi hacks have become a familiar occurrence within the industry. In the second quarter of 2023, hackers managed to swipe an estimated $204 million through various scams and breaches, as per a report by DeFi, the Web3 portfolio app.
However, it’s worth noting that the losses experienced in Q2 were relatively less severe compared to the preceding quarter. CertiK, in its report, revealed that from January to March, the DeFi space suffered substantial losses, with over $320 million being compromised.
The Conic Finance incident is a stark reminder that the journey towards decentralized financial systems is not without its challenges.
As the industry continues to mature, it is crucial for projects to prioritize security, transparency, and collaboration, ultimately strengthening the trust of users and investors alike.
Featured image from FX Empire