Hackers exploited a vulnerability in the CurveLPOracleV2 contract.
Liquidity balancing platform Conic Finance for decentralized finance protocol Curve has been hacked on the Ethereum omnipool network.
According to Web3 risk alert source Beosin Alert, from Conic Finance was stolen Ether cryptocurrencies in the amount of $3.26 million. Almost all stolen cryptocurrency in one transaction was sent to new wallet V blockchain Ethereum.
Conic Finance developers promptly confirmed the fact of hacking on Twitter, saying that they were investigating the incident and promised to share the details as soon as they appeared.
According to preliminary analysis blockchain cybersecurity company Peckshield, the attack was caused by a vulnerability in the recently introduced CurveLPOracleV2 contract.
About an hour after the first reports of the attack, the Conic Finance team disabled deposits in the ETH Omnipool on their front-end.
Subsequently, Curve Finance developers, who monitored the situation, confirmed that only the ETH omnipool pool was affected by the problem.
Hacker attacks on decentralized finance are far from uncommon in this area. According to web3 portfolio app De.Fi, over $204 million was stolen in DeFi hacks and scams in the second quarter of 2023 alone. At the same time, losses were less than in the first quarter – then, according to CertiK, more than $320 million became victims of cybercriminals.