According to BlockSec, MetaDock labeled the Conic Finance hacker as the Lady Pepe Exploiter.
Conic Finance Hacked
Conic Finance, the owner of the DeFi protocol, confirmed that it was exploited via a reentrancy attack earlier today for an undisclosed sum.
An attacker can drain funds from a vulnerable contract by repeatedly calling the withdraw function before it updates its balance. This attack is frequently used to exploit various DeFi protocols.
Conec Finance stated that it initially disabled the front end of its Omnipool Ethereum deposits before launching a fix for the affected contract.
“The root cause was a re-entrancy attack that was possible due to a faulty assumption about which address is returned by the Curve Meta Registry for ETH in Curve V2 pools.”
Curve Finance also stated that the only affected pool was the ETH Omnipool. Conic Finance, according to its website, enables liquidity providers to easily diversify their exposure to multiple Curve pools.
Any user can contribute liquidity to a Conic Omnipool, which distributes funds across Curve based on protocol-controlled pool weights.
As of press time, Conic Finance had not responded to CryptoSlate’s request for additional commentary. Meanwhile, blockchain security firm Decurity reported a loss of 1724 ETH worth $3.2 million as a result of the exploit.
According to Decurity, the exploiter was active yesterday and carried out a series of minor hacks before attacking the CNCETH pool today.
They also attempted a failed transaction 10 minutes before successfully utilizing Conic Finance. BlockSec confirmed the report, noting that MetaDock had labeled the hacker as the Lady Pepe Exploiter.
This exploit extends a relatively busy month for hackers focusing on cryptocurrency projects. According to data from DeFillama, over $100 million in digital assets have been stolen from a variety of protocols, including the cross-chain bridge Multichain (MULTI).
To read our blog on “Crypto companies have nowhere to hide with new rules, G20,” click here