Hackers have hit decentralized finance (DeFi) protocol Conic Finance with an attack and drained 1,700 Ethereum—worth over $3.2 million at current prices.
In a Friday tweet, the protocol said it was “continuing to investigate the root cause of the exploit and are consulting with relevant parties.”
The team behind the DeFi protocol later said the root cause was a "re-entrancy attack," adding that "a fix to the affected contract is being deployed." In a follow-up, the team claimed that withdrawals were safe and said that a more detailed post mortem was forthcoming.
The stolen crypto was all sent to one address, blockchain security company Beosin said in a tweet, linking to the transaction.
Conic Finance is a new app which lets users deposit tokens into its “omnipools,” allowing them to earn rewards. The idea is that users can diversify funds across the Curve decentralized exchange using Conic’s liquidity pools.
Hackers targeted the Ethereum omnipool. Conic Finance has since said deposits have now been disabled to that pool.
Exploits like this one are very common in the DeFi space—the crypto sphere which aims to replace traditional financial services like borrowing and lending via blockchain technology.
Such apps are new and experimental and therefore sometimes have systems which hackers can take advantage of. Last year was the “the biggest year ever for hacking” in the crypto space according to blockchain data firm Chainalysis.
Most of those attacks happen in the DeFi space. DeFi traders lost $228 million in just three months of Q2 this year alone, a 63% increase compared to the same period last year.
According to Immunefi, most of the crypto losses originated from two specific incidents—the June 3 hack of Atomic Wallet and the May 23 exit scam by the now-defunct Fintoch platform.
The company also found that some chains were targeted more than others. It found that attacks on BNB Chain and Ethereum made up 77% of all losses in the last quarter, followed by Arbitrum at 12%. They said that attacks on Arbitrum were notable, given that it experienced no incidents at all in the same period last year.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.