Bitcoin
$63,832.24-0.69%
Ethereum
$3,138.14-0.47%
Binance Coin
$587.72-0.90%
Solana
$146.36-1.12%
XRP
$0.52948422-1.20%
Dogecoin
$0.16164015+1.97%
Toncoin
$5.78-0.29%
Cardano
$0.45809601-2.87%
Shiba Inu
$0.00002474-3.09%
Avalanche
$36.97+2.77%
Tron
$0.12143085-1.70%
Wrapped Bitcoin
$63,848.75-0.68%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Countdown to ConsensusThe largest and longest running event that covers all sides of crypto and Web3
24
DAYS
00
HR
23
MIN
44
SEC
Technology

DeFi Protocol Conic Finance Hacked for 1,700 Ether

Security firm BlockSec said that the root cause of the attack was price manipulation caused by "read-only reentrancy."

By Shaurya Malwa
AccessTimeIconJul 21, 2023 at 2:04 p.m. UTC
Conic Finance was drained of 1,700 ether. (Kevin Ku/Unsplash)
Conic Finance was drained of 1,700 ether. (Kevin Ku/Unsplash)
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Decentralized finance (DeFi) protocol Conic Finance said Friday that it had suffered an exploit that allowed an attacker to grab over 1,700 ether (ETH), worth over $3.6 million at current prices, that affected one of its Omnipools.

Security firm BlockSec said that the root cause of the attack was price manipulation caused by "read-only reentrancy." Reentrancy is a common bug that allows attackers to trick a smart contract by making repeated calls to a protocol in order to steal assets. A call is an authorization for the smart contract address to interact with a user’s wallet address.

Conic Finance, which went live on March 1, allows users to deposit tokens into its Omnipools, a new product that diversifies exposure across the Curve ecosystem while increasing rewards. The protocol attracted millions of dollars in capital shortly after going live, suggesting huge demand for such a product.

Each Omnipool allocates liquidity of a single asset into different Curve pools. All Curve liquidity provider (LP) tokens get staked on Convex to boost Curve (CRV) rewards earnings. Convex (CNX), another Curve ecosystem token, is also rewarded, as is Conic (CNC), Conic’s native token.

Meanwhile, Conic Finance developers tweeted that they were continuing to investigate the root cause of the exploit and were consulting with relevant parties.

The developers added that they had closed the faulty pool that apparently allowed the hack to take place. "We have disabled ETH Omnipool deposits on the Conic front end," they wrote.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa
Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Follow @shauryamalwa on Twitter

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about
DeFiHack