- Price manipulation was at the core of the attack, caused by "reentrancy" bug
- Platform's reward pools diversify exposure across the Curve ecosystem
- $452 million was lost to cryptocurrency scams in the first quarter of 2023
Decentralized finance (DeFi) protocol Conic Finance lost around 1,700 ether (ETH), worth over $3.6 million at current exchange rates. The attack affected an Omnipool, which is a rewards pool unique to Conic, CoinDesk reported.
According to security firm BlockSec, price manipulation was at the core of the attack. It was caused by a common bug known as "reentrancy," which makes it possible for attackers to trick a smart contract by making repeat calls, authorizing the smart contract address to interact with a user’s wallet. The attacker steals assets during the interaction.
Omnipools diversified exposure on Curve
Conic Finance has been live for less than five months. It allows customers to deposit tokens into its Omnipools, a new offering that increases rewards and diversifies exposure across the Curve ecosystem. Apparently, demand for such a product is substantial, because the platform attracted millions of dollars very soon after going live.
Each Omnipool allocates a single asset’s liquidity into various Curve pools. Curve rewards are boosted by staking all Curve liquidity provider tokens on Convex, another platform associated with Curve. Convex’s token CNX is also given as a reward. Users can get rewards in Conic’s native token CNC as well.
Conic Finance developers posted on Twitter that they were investigating the root cause of the attack, adding the faulty pool had been closed.
Funds lost to crypto hacks have shrunk y/y
The crypto space has long been plagued by security issues. As Bankless Times reported at the beginning of this month, hackers issued $42 billion worth of malicious tokens on PolyNetwork. They exploited a function in the protocol’s bridge tool, which enables users to transfer tokens between blockchains by locking value on one blockchain and releasing it on another.
On the plus side, an analysis found funds lost to crypto hacks and scams in the first quarter of this year declined by 65% y/y, which shows some progress has been made in mitigating security risk.
$452 million was lost to cryptocurrency hacks and scams in the first quarter of 2023 compared to $1.3 billion in the first quarter of last year. However, almost half of this amount was lost between March 1 and March 20, 2023, emphasizing the swift pace at which exploiters are operating.
Contributors
