{"id":55013,"date":"2023-07-22T16:06:17","date_gmt":"2023-07-22T20:06:17","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=55013"},"modified":"2023-07-22T17:36:01","modified_gmt":"2023-07-22T21:36:01","slug":"conic-finance-loses-3-2m-to-reentrancy-attack-on-eth-omnipool","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/conic-finance-loses-3-2m-to-reentrancy-attack-on-eth-omnipool\/","title":{"rendered":"Conic Finance Loses $3.2M to Reentrancy Attack on ETH Omnipool"},"content":{"rendered":"\n<p>Conic Finance, a platform for balancing liquidity pools for the <a href=\"https:\/\/coinscreed.com\/staging\/discord-surrounds-aave-proposal-to-suspend-curve-founder-loans.html\" target=\"_blank\" rel=\"noreferrer noopener\">Curve decentralized finance protocol<\/a>, has been the victim of an Ethereum omnipool exploit.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956-1024x576.jpg\" alt=\"Conic Finance Loses $3.2M to Reentrancy Attack on ETH Omnipool\" class=\"wp-image-55015\" srcset=\"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956-1024x576.jpg 1024w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956-300x169.jpg 300w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956-768x432.jpg 768w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956-750x422.jpg 750w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956-1140x641.jpg 1140w, https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Conic Finance Loses $3.2M to Reentrancy Attack on ETH Omnipool<\/figcaption><\/figure>\n\n\n\n<p>According to the Web3 risk-alert site Beosin Alert, Conic Finance was taken advantage of for $3.26 million in Ether (ETH $1,889) on July 21. Beosin's research shows that almost all of the stolen Bitcoin was transferred to a fresh <a href=\"https:\/\/coinscreed.com\/staging\/ethereum-address-activity-drops-to-two-year-low-eth-price-below-1800.html\" target=\"_blank\" rel=\"noreferrer noopener\">Ethereum address<\/a> in a single transaction.<\/p>\n\n\n\n<p>Conic Finance quickly responded to the story on Twitter by confirming it and noting that the platform is looking into the issue and would post updates as soon as they become available.<\/p>\n\n\n\n<p>Initial research conducted by blockchain security company Peckshield indicates that the new <a href=\"https:\/\/www.bing.com\/search?q=Conic+Finance+Loses+%243.2M+to+Reentrancy+Attack+on+ETH+Omnipool&form=ANNTH1&refig=db6f107cc50047798293462b7608c28b\" target=\"_blank\" rel=\"noreferrer noopener\">CurveLPOracleV2<span class=\"wpil-link-icon\" title=\"Link goes to external site.\" style=\"margin: 0 0 0 5px;\"><svg width=\"24\" height=\"24\" style=\"height:16px; width:16px; fill:#000000; stroke:#000000; display:inline-block;\" viewBox=\"0 0 24 24\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" xmlns:svg=\"http:\/\/www.w3.org\/2000\/svg\"><g id=\"wpil-svg-outbound-7-icon-path\" fill=\"none\" clip-path=\"url(#clip0_31_188)\">\r\n                            <path d=\"M9.16724 14.8891L20.1672 3.88908\" stroke-linecap=\"round\"\/>\r\n                            <path d=\"M13.4497 3.53554L20.5208 3.53554L20.5208 10.6066\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/>\r\n                            <path d=\"M17.5 13.5L17.5 16.26C17.5 17.4179 17.5 17.9968 17.2675 18.4359C17.0799 18.7902 16.7902 19.0799 16.4359 19.2675C15.9968 19.5 15.4179 19.5 14.26 19.5L7.74 19.5C6.58213 19.5 6.0032 19.5 5.56414 19.2675C5.20983 19.0799 4.92007 18.7902 4.73247 18.4359C4.5 17.9968 4.5 17.4179 4.5 16.26L4.5 9.74C4.5 8.58213 4.5 8.0032 4.73247 7.56414C4.92007 7.20983 5.20982 6.92007 5.56414 6.73247C6.0032 6.5 6.58213 6.5 7.74 6.5L11 6.5\" stroke-linecap=\"round\"\/>\r\n                        <\/g>\r\n                        <defs>\r\n                            <clipPath id=\"clip0_31_188\">\r\n                                <rect fill=\"white\" height=\"24\" width=\"24\"\/>\r\n                            <\/clipPath>\r\n                        <\/defs><\/svg><\/span><\/a> contract was the primary culprit. Peckshield wrote: <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cOur audit identifies a similar read-only reentrancy issue. However, the same issue is introduced in the newly introduced CurveLPOracleV2 contract, which was not part of the audit scope,\u201d<\/p>\n<\/blockquote>\n\n\n\n<p>Conic Finance also claimed it had stopped ETH Omnipool deposits on the Conic front end one hour after the initial notification of the hack.\u201cFollowed with Conic on this one. Issue was identified, only ETH omnipool is affected there,\u201d Curve Finance subsequently wrote.<\/p>\n\n\n\n<p><a href=\"https:\/\/coinscreed.com\/staging\/over-5-million-exploited-in-recent-defi-hacks-on-aave-and-yearn-finance.html\" target=\"_blank\" rel=\"noreferrer noopener\">DeFi hacks<\/a> and frauds allowed thieves to steal more than $204 million in the second quarter of 2023 alone, according to research from Web3 portfolio app De.Fi. <\/p>\n\n\n\n<p>Despite this, DeFi breaches and scams caused losses in Q2 that were lower than those in Q1\u2014CertiK reported that over $320 million was lost between January and March.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Conic Finance, a platform for balancing liquidity pools for the Curve decentralized finance protocol, has been the victim of an Ethereum omnipool exploit. According to the Web3 risk-alert site Beosin Alert, Conic Finance was taken advantage of for $3.26 million in Ether (ETH $1,889) on July 21. Beosin&#8217;s research shows that almost all of the [&hellip;]<\/p>\n","protected":false},"author":43,"featured_media":55015,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[15420,15421],"class_list":["post-55013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-conic-finance","tag-eth-omnipool"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/07\/croc_1690055587956.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/55013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=55013"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/55013\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/55015"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=55013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=55013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=55013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}