- The Conic Finance protocol has been hacked due to a vulnerability in the Omnipool contract on the Ethereum network. The hacker used a “re-entry” attack.
- At the time of writing, the damage is $3.27 million. The project’s administration confirmed the hack and said it is conducting its own investigation.
Beosin analysts reported the hack of the decentralized Conic Finance protocol. The platform is used to distribute funds on DEX Curve using liquidity pools.
The damage from the hacker’s actions amounted to 1,700 ETH (about $3.27 million). All funds were withdrawn to the Ethereum network in a single transaction, according to Etherscan.
The protocol’s administration confirmed the hack on its Twitter page. The project team is investigating the incident and promises to release details at a later date.
According to PeckShield analysts, the hack was caused by the CurveLPOracleV2 contract. The organization said the hacker most likely used a “re-entry” attack.
It involves using multiple function calls within a single transaction before the initial contract call is completed, The Block noted.
This way he was able to manipulate the price of some tokens, the publication said. The hacker then borrowed and “leaked” 20,000 stETH.
A prime example of the use of the “re-entry” exploit is the 2016 hack of The DAO on the Ethereum network, as discussed by one of the blockchain’s developers, Vitalik Buterin, in one of his podcasts.