The DeFi platform Conic Finance has suffered losses totaling over $3.2 million in Ether (ETH) due to two separate hacking events in the recent past.
The initial breach, which transpired last Friday, was labeled a “re-entrancy attack” by the Conic Finance representatives. This particular method targeted a weakness in the Curve V2 pools, allowing the hacker to make off with 1,700 ETH tokens.
In response, the team announced, “A remedy for the compromised contract is in the process of being rolled out.”
They further calmed their user base by affirming that the specific exploit “will not reoccur” with the same Omnipool. They also clarified that “other Conic Omnipools remain unaffected by this challenge.”
Second attack
Merely hours after addressing the initial breach, the Conic Finance team had to disclose yet another security incident. In this subsequent exploit, around $300,000 worth of tokens were siphoned from the crvUSD Omnipool.
Reacting to both the Ether exploit and this new attack, Conic Finance took to Twitter to announce, “In light of these events and particularly today’s ETH exploit, we’ve taken the utmost precautions, opting to temporarily halt all Omnipools.”
The team was keen to emphasize that the second breach was distinct and had “no connection to the re-entrancy exploit in the ETH Omnipool.”
‘Extremely difficult’ two days
Following the two breaches, Conic Finance released a post-mortem update acknowledging the challenges they faced. Describing the recent days as “extremely difficult,” the team expressed their deep distress over the situation.
The statement read, “The weight of this situation weighs heavily on us, and we are committed to doing everything within our reach to recoup the misappropriated funds.”
Interestingly, the post-mortem seemed to hint at Curve as a contributing factor to both incidents. Specifically, regarding the second exploit, the update pointed to an issue arising from “interactions with imbalanced Curve pools” as the source of vulnerability.
For context, Curve operates as a decentralized exchange (DEX) specialized in stablecoins. It employs the automated market maker (AMM) mechanism to oversee liquidity.
“While we implemented measures to prevent interactions with imbalanced Curve pools, our parameters weren’t stringent enough. This oversight allowed the attacker to methodically siphon off funds,” the Conic Finance team stated.
However, in spite of the issues, the update extended gratitude towards Curve’s team, lauding them for their invaluable assistance and unwavering support during this crisis.
Conic Finance is still in its nascent stages as a DeFi venture. Currently, its proprietary token, CNC, is traded on a limited number of platforms — specifically MEXC and CoinEx, along with a handful of decentralized exchanges.
By Monday’s press deadline, the CNC token had experienced a notable dip in value. According to CoinGecko data, it had plummeted by 45% over the preceding week.