An unknown hacker has attacked the DeFi Conic Finance protocol and stole around 1,700 ETH or $3.26 million.
According to Beosin analysts, a hacker has exploited a reentry vulnerability by gaining access to the protocol's pricing oracle in order to manipulate the prices of steCRV, cbETH/ETH-f, rETH-f and other tokens.
This has allowed the attacker to withdraw more liquidity tokens than he deposited. In addition, the attacker also borrowed 20,000 STETH in order to increase his income.
According to Conic, the exploit has only affected the Omnipool pool on the Ethereum network. The protocol team is investigating the details of the incident.
According to PeckShield, the main contract of the attack has been CurveLPOracleV2. Analysts have noted this component was not part of their audit.
Earlier this month a hacker stole 810.1 ETH (about $1.5 million) from DeFi protocol Rodeo Finance protocol on the Arbitrum network by manipulating the oracle.