{"id":82022,"date":"2023-07-21T16:11:42","date_gmt":"2023-07-21T13:11:42","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=82022"},"modified":"2025-09-12T02:35:18","modified_gmt":"2025-09-11T23:35:18","slug":"conic-finance-loses-3-2-million-to-oracle-manipulation","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/conic-finance-loses-3-2-million-to-oracle-manipulation\/","title":{"rendered":"Conic Finance loses $3.2 million to oracle manipulation"},"content":{"rendered":"

An attacker hacked the DeFi protocol Conic Finance, oriented toward the Curve platform. They withdrew around 1,700 ETH (~$3.26 million).<\/p>\n

\\\"Snimok-ekrana-2023-07-21-v-15.38.28\\\"
Data: Twitter<\/a>.<\/figcaption><\/figure>\n

According to Beosin analysts, the hacker exploited a re-entry vulnerability, gaining access to the protocol’s price oracle<\/a> to manipulate the prices of steCRV, cbETH\/ETH-f, rETH-f and others.<\/p>\n

This allowed the attacker to withdraw more liquidity tokens than they deposited. The attacker also borrowed 20,000 stETH to increase profits.<\/p>\n

According to Conic representatives, the exploit affected only the Omnipool on the Ethereum network. The protocol team is currently investigating the incident.<\/p>\n

According to PeckShield, the main contract used in the attack was CurveLPOracleV2. Analysts noted that this component was not included in the audit they conducted.<\/p>\n

Earlier in July, the hacker withdrew 810.1 ETH<\/a> (~$1.5 million at the time of the attack) from the Rodeo Finance DeFi protocol on the Arbitrum network through oracle manipulation.<\/p>\n

In the same month, Arcadia Finance was hacked for $455,000<\/a>. According to PeckShield, the code reportedly lacked a mechanism for cross-checking unverified inputs.<\/p>\n

Earlier Beosin analysts said that in the first half of 2023 the digital asset sector lost about $655.6 million due to hacks, fraud and rug pull<\/span>.<\/p>\n","protected":false},"excerpt":{"rendered":"

An attacker hacked the DeFi protocol Conic Finance, targeting the Curve platform. They withdrew about 1,700 ETH (~$3.26 million).<\/p>\n","protected":false},"author":1,"featured_media":82023,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1093],"class_list":["post-82022","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"18","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/82022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=82022"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/82022\/revisions"}],"predecessor-version":[{"id":82024,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/82022\/revisions\/82024"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/82023"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=82022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=82022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=82022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}