The decentralized finance (DeFi) protocol Conic Finance has lost more than $3.2 million worth of Ether (ETH) in two separate hacking incidents in recent days
The first attack, which happened on Friday last week, was described by the Conic Finance team as a "re-entrancy attack” that exploited a vulnerability in Curve V2 pools, earning the attacker 1,700 ETH tokens.
“A fix to the affected contract is being deployed,” the team wrote.
The team went on to assure the community that the exploit “cannot be done again” for the same Omnipool, and said that “no other Conic Omnipools are affected by this issue.”
A few hours later, however, the team again reported that they had suffered an exploit, this time draining approximately $300,000 worth of tokens from the crvUSD Omnipool.
“In response to this and given today's ETH exploit, we immediately enforced maximum safety measures and temporarily shutdown all Omnipools,” a new tweet from Conic Finance said.
The team stressed that the second attack was “unrelated to the ETH Omnipool's re-entrancy exploit.”
In a post-mortem update published after the two attacks, the Conic Finance team admitted that the past two days have been “extremely difficult.”
“We feel devastated by this situation and will do everything in our power to recover the stolen funds,” the team said.
The post-mortem update appeared to place part of the blame for both of the attacks on Curve, saying about the second incident that interaction with “imbalanced Curve pools” caused the vulnerability.
Curve is a decentralized exchange (DEX) for stablecoins that uses the automated market maker (AMM) model to manage liquidity.
“While we did have some mechanism in place to ensure we did not interact with imbalanced Curve pools, the bounds
Read more on cryptonews.com