A decentralized finance (DeFi) protocol built on top of the smart contract platform Ethereum (ETH) has been hacked to the tune of about $3.2 million.
New data reveals that Conic Finance (CNC), which provides omnipools, or liquidity pools that allow all trades on a network to occur in a single transaction, to Curve Finance (CRV) has been exploited for $3.26 million, according to crypto security firm Beosin.
In response to the attack, which only affected the protocol’s Ethereum omnipool, Conic Finance disabled deposits into it.
However, about an hour later, Conic provided an update saying that the exploit has been fixed in a way that it could never happen again.
“The root cause was a re-entrancy attack that was able to be performed because of a wrong assumption as to what address is returned by the Curve Meta Registry for ETH in Curve V2 pools. A fix to the affected contract is being deployed.
The exploit cannot be done again for the ETH Omnipool. Withdrawals are safe. No other Conic omnipools are affected by this issue. A more detailed post-mortem will be published soon.”
Conic says they have reached out to the bad actor via the transaction and warns that anyone else contacting users to recover funds is attempting to scam them.
“Conic has reached out to the exploiter via a [transaction] sent from the official Conic Multisig address. Other [transactions] claiming to recover funds on behalf of Conic are a scam.”
The debacle had a significant impact on the price of CNC. The digital asset fell a staggering 77.16% on the day, free falling from $5.92 all the way down to $1.34. It has since recovered and is trading for $2.90 at time of writing.
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on Twitter, Facebook and Telegram
Surf The Daily Hodl Mix
Generated Image: Midjourney