Curve omnipool platform Conic Finance hacked for $3.2 million in ETH.

Curve omnipool platform Conic Finance hacked for $3.2 million in ETH.

Conic Finance, a liquidity pool balancing platform, falls victim to an exploit on the Ethereum network

Conic Finance, a prominent decentralized finance (DeFi) protocol, has recently suffered a significant exploit on the Ethereum network, resulting in the loss of approximately $3.26 million worth of Ether (ETH). The exploit was detected and reported by Beosin Alert, a Web3 risk-alert source, on July 21.

The exploit involved the theft of almost the entire amount of cryptocurrency, which was swiftly transferred to a new Ethereum address in a single transaction. This incident has raised concerns about the security and vulnerability of DeFi protocols operating on the Ethereum network.

The impact on Conic Finance and its response

Upon discovering the exploit, Conic Finance promptly confirmed the news on Twitter and assured its users that it is actively investigating the incident. The platform has pledged to provide updates as soon as they become available. This incident serves as a reminder of the importance of robust security measures within the blockchain industry.

Understanding the root cause of the exploit

According to an initial analysis conducted by Peckshield, a reputable blockchain security firm, the exploit originated from the new CurveLPOracleV2 contract. Interestingly, this contract was not included in the scope of the security audit conducted prior to its implementation.

Peckshield’s audit revealed a read-only reentrancy issue, which can be exploited by malicious actors to manipulate the platform and gain unauthorized access to funds. The fact that this issue was present in a newly introduced contract highlights the challenges faced by developers in ensuring the security of complex smart contracts.

The broader implications for the blockchain industry

The exploit on Conic Finance underscores the need for continuous vigilance and robust security measures in the blockchain industry. As the popularity of DeFi protocols continues to grow, so does the incentive for attackers to exploit vulnerabilities within these systems.

One of the key factors contributing to the vulnerability of DeFi protocols is the reliance on smart contracts. These self-executing contracts, coded into the blockchain, automate transactions and eliminate the need for intermediaries. However, they also introduce new risks, as vulnerabilities in the code can be exploited by hackers.

To mitigate these risks, the blockchain industry must prioritize comprehensive security audits, ensuring that all contracts, including newly introduced ones, undergo rigorous testing. Additionally, developers should adopt best practices in secure coding and implement mechanisms to detect and prevent potential exploits.


The recent exploit on Conic Finance serves as a stark reminder of the security challenges faced by the blockchain industry. While blockchain technology offers immense potential, it is crucial to address vulnerabilities and strengthen security measures to safeguard users’ funds and trust in decentralized systems.

The incident highlights the need for continuous research, audits, and robust security practices to ensure the integrity of DeFi protocols and the broader blockchain ecosystem. By learning from such incidents and implementing effective security measures, the industry can enhance user confidence and pave the way for wider adoption of blockchain technology.