Hackers Drain $3 Million in Ethereum From DeFi Protocol Conic Finance

The new DeFi protocol, which went live in March, has lost more than 1,700 Ethereum.

By Mat Di Salvo

3 min read

Hackers have hit decentralized finance (DeFi) protocol Conic Finance with an attack and drained 1,700 Ethereum—worth over $3.2 million at current prices.

In a Friday tweet, the protocol said it was “continuing to investigate the root cause of the exploit and are consulting with relevant parties.”

The team behind the DeFi protocol later said the root cause was a "re-entrancy attack," adding that "a fix to the affected contract is being deployed." In a follow-up, the team claimed that withdrawals were safe and said that a more detailed post mortem was forthcoming.

The stolen crypto was all sent to one address, blockchain security company Beosin said in a tweet, linking to the transaction.

Conic Finance is a new app which lets users deposit tokens into its “omnipools,” allowing them to earn rewards. The idea is that users can diversify funds across the Curve decentralized exchange using Conic’s liquidity pools.

Hackers targeted the Ethereum omnipool. Conic Finance has since said deposits have now been disabled to that pool.

Exploits like this one are very common in the DeFi space—the crypto sphere which aims to replace traditional financial services like borrowing and lending via blockchain technology.

Such apps are new and experimental and therefore sometimes have systems which hackers can take advantage of. Last year was the “the biggest year ever for hacking” in the crypto space according to blockchain data firm Chainalysis.

Most of those attacks happen in the DeFi space. DeFi traders lost $228 million in just three months of Q2 this year alone, a 63% increase compared to the same period last year.

According to Immunefi, most of the crypto losses originated from two specific incidents—the June 3 hack of Atomic Wallet and the May 23 exit scam by the now-defunct Fintoch platform.

The company  also found that some chains were targeted more than others. It found that attacks on BNB Chain and Ethereum made up 77% of all losses in the last quarter, followed by Arbitrum at 12%. They said that attacks on Arbitrum were notable, given that it experienced no incidents at all in the same period last year.

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News