Written by Hazel J. Greene, Senior Analyst

Conic Finance, a prominent player in the DeFi industry, recently encountered a setback after falling victim to an exploit targeting the ETH Omnipool within the Curve Finance ecosystem. While DeFi has been widely celebrated for its potential to empower communities, such incidents raise concerns about scalability and the need for stronger security measures.

On Friday, the Beosin Alert reported a significant cryptocurrency theft of 1,727 ETH, valued at $3.26 million. The stolen funds were quickly sent to a new Ethereum address in a single transaction, highlighting vulnerability within the system.

Conic Finance promptly confirmed the incident via Twitter, reassuring the public that they were actively investigating the exploit and would provide updates as they became available.

This latest exploit was traced back to issues stemming from Conic Finance’s employment of non-industry standard Oracle infrastructure. The community criticized the decision, which may have contributed to the vulnerability. Unfortunately, this is not an isolated case, as other DeFi projects, including Jimbos Protocol, have also suffered major losses due to similar exploits. The incident highlights concerns about the overall security and viability of Oracle-less approaches.

In response to the exploit, Conic Finance took swift action. They conducted a thorough investigation and acknowledged the vulnerability, ensuring that the affected contract was promptly fixed.

The exploit, identified as a “re-entrance attack,” exploited a mistaken assumption about the address returned by the Curve Meta Registry for ETH in Curve V2 pools.

As a consequence of the exploit, the ETH Omnipool experienced a significant loss of funds, leading to a sharp decline in Total Value Locked (TVL). Conic Finance’s TVL dropped from around $111 million to $50.03 million, reflecting the severity of the impact. Moreover, the native token CNC also suffered a significant blow, with its price plunging by over 54% in the past 24 hours.

These developments have inevitably shaken investor confidence in the project, highlighting the urgency for the Conic Finance team to adopt more robust security measures.

DeFi hacks have unfortunately become all too common within the industry. In the second quarter of 2023 alone, hackers managed to make off with an estimated $204 million through various scams and breaches, according to a report by DeFi, the Web3 portfolio app. However, it’s worth noting that these losses were relatively less severe compared to the previous quarter when over $320 million was compromised, as revealed by CertiK in its report.

The incident involving Conic Finance serves as a stark reminder that the journey toward decentralized financial systems will not be without its challenges. As the industry continues to mature, it is imperative that projects prioritize security, transparency, and collaboration to strengthen the trust of both users and investors.

Disclaimer: The information provided in this research report is for informational purposes only and should not be interpreted as financial or investment advice. The cryptocurrency market is highly volatile, and readers should conduct thorough research before making any investment decisions.