Conic Finance, a liquidity pool balancing platform for the decentralized finance (DeFi) protocol Curve, has suffered an exploit on the Ethereum omnipool.
Conic Finance has been exploited for $3.26 million in Ether (ETH), the Web3 risk-alert source Beosin Alert reported on July 21. Nearly the entire amount of stolen cryptocurrency was sent to a new Ethereum address in just one transaction, according to data provided by Beosin.
Conic Finance was quick to confirm the news on Twitter, stating that the platform is currently investigating the exploit and will share updates as soon as they are available.
According to the initial analysis provided by the blockchain security firm Peckshield, the root cause came from the new CurveLPOracleV2 contract.
“Our audit identifies a similar read-only reentrancy issue. However, the same issue is introduced in the newly introduced CurveLPOracleV2 contract, which was not part of the audit scope,” Peckshield wrote.
This is a developing story, and further information will be added as it becomes available.