Blockchain News

Conic Finance’s Ethereum Exploit Raises Alarms About DeFi Security

Conic Finance, a liquidity pool balancing platform connected to the decentralized finance (DeFi) protocol Curve, recently suffered a significant blow due to an exploit on the Ethereum omnipool, resulting in a staggering loss of $3.26 million in Ether (ETH).

Following the incident, the value of ETH dipped to $1,892 as of July 21, according to Beosin Alert, a reliable Web3 risk-alert source. Their data suggested that the stolen cryptocurrency was swiftly consolidated and transferred to a new Ethereum address, showcasing the sophistication of the attack.

Upon analyzing the address, Etherscan discovered the involvement of a flashloan exploit on Coin ETH Pool, which likely facilitated the attack’s execution. In response to the breach, Conic Finance promptly took to Twitter to confirm the news and reassure users that a thorough investigation was already underway. They pledged to provide regular updates as soon as they became available.

Blockchain security firm Peckshield conducted an initial analysis, revealing that the exploit’s root cause originated from the new CurveLPOracleV2 contract. Surprisingly, a similar read-only reentrancy issue had been identified in their audit. However, the newly introduced CurveLPOracleV2 contract, outside the audit’s scope, was the true vulnerability source.

Reacting swiftly, Conic Finance took additional precautionary measures within an hour of the initial report, disabling ETH Omnipool deposits on their platform’s front end. Curve Finance, affiliated with Conic Finance, confirmed the situation and assured users that only the ETH omnipool had been affected.

Regrettably, DeFi hacks have become increasingly common in the industry. A recent report by De.Fi, a Web3 portfolio app, highlighted that in the second quarter of 2023 alone, hackers managed to steal over $204 million through various DeFi hacks and scams. Although this figure is alarming, the losses from DeFi exploits and scams in Q2 were comparatively lower than those recorded in Q1, where CertiK reported a staggering $320 million lost from January to March.

Consequently, the exploit on Conic Finance’s liquidity pool has raised substantial concerns about DeFi protocols’ security and vulnerability. As the industry continues to evolve, it is of utmost importance for platform developers and security firms to collaborate closely in addressing and preventing such incidents, thereby safeguarding users’ funds and preserving trust in the DeFi ecosystem.

In conclusion, the DeFi market must remain vigilant in fortifying its security measures. Continuous efforts to strengthen protocols and preemptively address vulnerabilities will be essential in maintaining the long-term stability and growth of the decentralized finance space.


Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.