Conic Finance liquidity protocol hacked, TVL and token prices plummet by 50%, all liquidity pools have been shut down

The liquidity protocol Conic Finance was attacked on the evening of July 21st, with hackers making off with over 3 million US dollars. Conic's total value locked (TVL) and token price both dropped by over 50%, and the protocol has currently closed all liquidity pools.

Liquidity Protocol: Conic Finance

Conic Finance's liquidity pool, Omnipools, allows users to deposit a single asset such as ETH. Conic then allocates the user's assets to multiple Curve pools to diversify risk.

Furthermore, Conic deploys the LP tokens acquired from Curve to the yield aggregator protocol based on Curve, Convex Finance. This enables users to earn CRV, CVX, and the protocol's governance token CNC simultaneously.

Conic Finance Hacked for Over $3 Million

On the evening of July 21, Conic announced that a vulnerability existed in the Omnipool of the protocol, emphasizing that only the ETH pool was affected. They disabled the front-end deposit function, and on-chain data showed a loss of 1,724 ETH, approximately $3.2 million.

Security firm PeckShield discovered a read-only reentrancy bug in the Conic contract CurveLPOracleV2, which was not within the scope of the audit.

Conic later confirmed the vulnerability was due to a reentrancy attack and is redeploying the affected contract.

Conic Shuts Down All Liquidity Pools

However, on the morning of July 22, Conic announced the temporary closure of all Omnipools and stated that the $300,000 obtained by the hacker in the second attack was unrelated to the ETH Omnipool reentrancy bug.

DefiLlama data shows that Conic's total value locked (TVL) dropped from $156 million to $69.35 million, and the price of CNC coin plummeted by -75%, with the latest drop narrowing to -54% at the time of writing.