Conic Finance, a Curve omnipool platform, has been hacked for $3.26 million in Ether (ETH). The hack was first reported by the Web3 risk-alert source Beosin Alert on July 21.
The exploit took advantage of a vulnerability in Conic‘s smart contracts. The vulnerability allowed an attacker to withdraw more ETH from the pool than they had deposited. The attacker was able to withdraw a total of 326,000 ETH, which is currently worth around $3.26 million.
Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction. The address has not been linked to any known cryptocurrency wallets or exchanges.
Conic Finance has since taken steps to mitigate the damage caused by the hack. The platform has been temporarily paused, and the team is working to refund affected users.
Initial analysis provided by the blockchain security firm Peckshield suggests that the root cause came from the new CurveLPOracleV2 contract.
This is the latest in a series of hacks that have targeted DeFi platforms in recent months. In May, the decentralized exchange PancakeSwap was hacked for $45 million. And in June, the lending platform Compound Finance was hacked for $600 million.
The frequency of these hacks highlights the need for increased security measures in the DeFi space. DeFi platforms are often built on complex smart contracts, which can be difficult to secure. As a result, they are more vulnerable to hacks than traditional financial platforms.
Users of DeFi platforms should take steps to protect themselves from hacks. This includes using strong passwords, enabling two-factor authentication, and only depositing funds that they can afford to lose.
What to do if you’re affected by the Conic Finance hack
If you were affected by the Conic Finance hack, there are a few things you can do:
- Contact Conic Finance support and let them know that you were affected.
- Keep an eye on your cryptocurrency wallets for any unauthorized activity.
- Report any suspicious activity to the authorities.
The Conic Finance hack is a reminder that DeFi platforms are still under development and can be vulnerable to hacks. Users of DeFi platforms should take steps to protect themselves from hacks by using strong passwords, enabling two-factor authentication, and only depositing funds that they can afford to lose.