Conic Finance, a decentralized finance (DeFi) protocol, announced on Friday that it had suffered an exploit resulting in the loss of over 1,700 ether (ETH), worth over $3.6 million at current prices. Security firm BlockSec identified the root cause of the attack as read-only reentrancy, a bug that allows attackers to trick a smart contract by making repeated calls to a protocol in order to steal assets.
Conic Finance, which launched on March 1, offers users the ability to deposit tokens into its Omnipools, a product that diversifies exposure across the Curve ecosystem while increasing rewards. The protocol quickly attracted millions of dollars in capital, indicating a high demand for such a product.
The developers of Conic Finance tweeted that they were continuing to investigate the root cause of the exploit and were consulting with relevant parties. They also disabled ETH Omnipool deposits on the Conic front end.
We have disabled ETH Omnipool deposits on the Conic front end, the developers wrote.