Hackers Steal $3.2 Million Worth of Ethereum From Conic Finance DeFi Protocol
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
The decentralized finance (DeFi) protocol Conic Finance has lost more than $3.2 million worth of Ether (ETH) in two separate hacking incidents in recent days.
The first attack, which happened on Friday last week, was described by the Conic Finance team as a “re-entrancy attack” that exploited a vulnerability in Curve V2 pools, earning the attacker 1,700 ETH tokens.
“A fix to the affected contract is being deployed,” the team wrote.
The team went on to assure the community that the exploit “cannot be done again” for the same Omnipool, and said that “no other Conic Omnipools are affected by this issue.”
2/ The exploit cannot be done again for the ETH Omnipool.
— Conic Finance (@ConicFinance) July 21, 2023
– Withdrawals are safe
– No other Conic Omnipools are affected by this issue
– A more detailed post mortem will be published soon
We will continue to share updates.
Second attack
A few hours later, however, the team again reported that they had suffered an exploit, this time draining approximately $300,000 worth of tokens from the crvUSD Omnipool.
“In response to this and given today’s ETH exploit, we immediately enforced maximum safety measures and temporarily shutdown all Omnipools,” a new tweet from Conic Finance said.
The team stressed that the second attack was “unrelated to the ETH Omnipool’s re-entrancy exploit.”
2/ This second attack was unrelated to the ETH Omnipool's re-entrancy exploit.
— Conic Finance (@ConicFinance) July 21, 2023
The attacker was able to realize a profit of approximately $300k by exploiting the crvUSD Omnipool.
We will share more updates as we continue to investigate.
‘Extremely difficult’ two days
In a post-mortem update published after the two attacks, the Conic Finance team admitted that the past two days have been “extremely difficult.”
“We feel devastated by this situation and will do everything in our power to recover the stolen funds,” the team said.
The post-mortem update appeared to place part of the blame for both of the attacks on Curve, saying about the second incident that interaction with “imbalanced Curve pools” caused the vulnerability.
Curve is a decentralized exchange (DEX) for stablecoins that uses the automated market maker (AMM) model to manage liquidity.
“While we did have some mechanism in place to ensure we did not interact with imbalanced Curve pools, the bounds that we had set were not tight enough and allowed the attacker to slowly drain funds from the pool,” the team wrote.
Despite this, the update also said that Curve’s team members “deserve recognition for their massive help and support.”
Conic Finance is a relatively new DeFi project, and the protocol’s token, CNC, is for now only listed on MEXC and CoinEx in addition to a few decentralized exchanges.
As of press time on Monday, the CNC token was down by 45% over the past 7 days, data from CoinGecko showed.

- How Tether Co-Founder William Quigley Views Crypto Regulations in Trump’s Second Term
- Trump Appoints PayPal Veteran David Sacks as ‘White House AI and Crypto Czar’
- Bitwise’s Matt Hougan Makes Big Prediction on Bitcoin’s Next Bear Market
- From $10K to $75K: How Dave Portnoy Pumped and Dumped Meme Coins on His Followers
- Donald Trump’s World Liberty Financial Set to Create Strategic Crypto Reserve: Report






