A decentralized finance (DeFi) protocol built on top of the Ethereum (ETH) smart contract platform has been hacked worth around $3.2 million.
New data reveals that Conic Finance (CNC), which provides omnipools, or liquidity pools that allow all trades on a network to be completed in a single transaction, to Curve Finance (CRV), has been mined for $3.26 million, according to cryptosecurity firm Beosin.
In response to the attack, which only affected the protocol’s Ethereum omnipool, Conic Finance disabled deposits on it.
However, about an hour later, Conic provided an update saying that the exploit was fixed in a way that could never happen again.
“The root cause was a re-entry attack that could be performed due to an incorrect assumption about what address Curve Meta Registry returns for ETH in Curve V2 pools. A fix is being implemented for the affected contract.
Mining cannot be redone for ETH Omnipool. Withdrawals are secure. No other Conic omnipool is affected by this issue. A more detailed autopsy will be published soon.”
Conic says he contacted the wrongdoer through the transaction and warns that anyone else who contacts users to recover funds is trying to scam them.
“Conic contacted the explorer through a [transaction] sent from the official address of Conic Multisig. Other [transactions] that claim to recover funds on behalf of Conic are scams.”
The disaster had a significant impact on the price of CNC. The digital asset is down an impressive 77.16% on the day, going from $5.92 to $1.34. It has since rallied and is trading at $2.90 at the time of writing.