Hackers steal $3.2 million worth of Ethereum from Conic Finance DeFi Protocol -TGN

Decentralized finance (DeFi) protocol Conic Finance has lost more than $3.2 million in Ether (ETH) in two separate hacking incidents in recent days.

The first attack, which took place last Friday, was described by the Conic Finance team as a “reentry attack” that exploited a vulnerability in Curve V2 pools, leading the attacker to earn 1,700 ETH tokens.

“A solution to the affected contract is being worked on,” the team wrote.

The team then assured the community that the exploit “cannot be redone” for the same Omnipool, saying that “no other Conic Omnipools are affected by this issue”.

Second attack

However, a few hours later, the team reported again that they had suffered an exploit, this time for approximately $300,000 worth of tokens from the crvUSD Omnipool.

“In response to this and given today’s ETH exploit, we immediately enforced maximum security measures and temporarily shut down all Omnipools,” said a new tweet from Conic Finance.

The team stressed that the second attack was “unrelated to the return of the ETH Omnipool.”

‘Extremely difficult’ two days

In an autopsy update published after the two attacks, the Conic Finance team admitted that the past two days have been “extremely difficult”.

“We feel devastated by this situation and will do everything we can to recover the stolen money,” the team said.

The post-mortem update seemed to put some of the blame for both attacks on Curve, saying of the second incident that interaction with “unbalanced Curve pools” caused the vulnerability.

Curve is a decentralized exchange (DEX) for stablecoins that uses the automated market maker (AMM) model to manage liquidity.

“While we had a mechanism in place to ensure that we did not interact with unbalanced Curve pools, the boundaries we set were not tight enough to allow the attacker to slowly withdraw money from the pool,” the team wrote.

Despite this, the update also said Curve’s team members “deserve recognition for their tremendous help and support.”

Conic Finance is a relatively new DeFi project and the protocol’s token, CNC, is only listed on MEXC and CoinEx for now, alongside some decentralized exchanges.

As of writing on Monday, the CNC token was down 45% in the past 7 days, data from CoinGecko showed.