Conic Finance, a major player in the DeFi industry, has yet to face a setback that targeted the ETH Omnipool tool Within the Curve Finance ecosystem. DeFi has been lauded for its ability to distribute power between communities, but recent exploits have raised scalability concerns.
On Friday, Beosin Alert reported that a large amount of cryptocurrency was stolen and sent to a new Ethereum address in a single transaction. The hacker managed to steal 1,727 ETH worth $3.26 million.
Conic Finance immediately confirmed the news on Twitter and assured the public that they are actively investigating the exploit and will provide updates as they become available.
It seems @employee Tapped for $3.26 million in tx: https://t.co/K0VjnFprAE
The stolen money was sent to 0x3d32C5a2E592c7B17e16bdDc87EAb75f33ae3010 pic.twitter.com/mZr4MOkMQF
– Beosin Alert (BeosinAlert) July 21, 2023
The non-industrial benchmark Oracle Infra draws criticism
The vulnerability has been attributed to issues arising from the new CurveLPOracleV2 contract. Conic Finance was criticized by the community for using Oracle’s non-industry-standard infrastructure, which may have contributed to the vulnerability.
Unfortunately, such incidents are not isolated within the DeFi space, as other projects such as the Jimbos protocol have also suffered significant losses due to the exploits. This raises concerns about the general security and validity of non-Oracle based policies.
As of today, the market cap of cryptocurrencies stood at $1.16 trillion. Chart: TradingView.com
To Conic Finance’s credit, they took swift action to address this issue. They thoroughly investigated and acknowledged the exploit, ensuring that the affected nodes were fixed.
The exploit was identified as a “reentry attack,” which was facilitated by a false assumption regarding the address returned by the Curve Meta Registry for ETH in Curve V2 pools.
DeFi Breakout: The original CNC token took a hit
As a result of the exploit, the ETH Omnipool experienced a significant loss of funds, which led to a sharp drop in the Total Value Locked (TVL).
Earlier that week, Conic Finance saw a significant 234% rise in TVL, but that number quickly fell from around $111 million to $50.03 million, showing just how severe the impact has been.
Moreover, Conic Finance’s native CNC token also suffered a major blow, with its price dropping by more than 54% in the past 24 hours.
CNC price in red in all timeframes. Source: Coingecko
These developments undoubtedly shook investor confidence in the project, underscoring the need for the Conic Finance team to adopt stronger security measures.
DeFi hacks are becoming commonplace in the industry. In the second quarter of 2023, hackers managed to pass an estimated $204 million through various scams and breaches, according to a report by DeFi, a Web3 wallet app.
However, it should be noted that the losses that occurred in the second quarter were relatively less severe compared to the previous quarter. CertiK, in its report, revealed that from January to March, the DeFi space suffered significant losses, with more than $320 million hacked.
The Conic Finance incident is a stark reminder that the journey towards decentralized financial systems is not without challenges.
As the industry continues to grow, it is imperative for projects to prioritize security, transparency, and collaboration, ultimately enhancing the trust of users and investors alike.
Featured image by FX Empire