A DeFi liquidity protocol, Conic Finance suffered a security attack by a hacker who managed to steal 1700 Ether. The attack seems to used oracle price manipulation that the protocol relied on.
Conic Finance is designed to allocate liquidity to the most beneficial liquidity pools on Curve. Anyone can provide liquidity into Conic Omnipool which further utilizes it across a wide range of Curve pools.
The protocol officially announced that it is investigating the root cause of the exploit and consulting with relevant parties. Deposits are currently disabled for ETH Omnipool since it is the only contract that is affected.
In this kind of attack, the exploiter leverages the ability to call a function multiple times within a single transaction. It keeps calling the target function before the initial function call is completed, benefiting the attacker in manipulating oracle data.
The hacker routed a flashloan of 20,000 stETH to the Conic protocol, in order to facilitate the attack. Hacker has amplified the profit of approximately $3.2 million all in ether.