Code Error Leads to $212K Heist on Convergence DeFi Platform!

Web3

August 2, 2024 2:01 PM

In Brief:
Convergence DeFi protocol was hacked on Aug. 1, leading to the theft of $210,000 in CVG tokens and $2,000 in staking rewards.
The hack was due to a removed line of code in the smart contract, causing the CVG token to drop over 99% in value.

Code Error Leads to $212K Heist on Convergence DeFi Platform!

On Aug. 1, the decentralized finance protocol Convergence confirmed a security breach through a smart contract exploit. A hacker managed to mint and sell $210,000 worth of Convergence’s native token, CVG, and also stole $2,000 in unclaimed staking rewards. The attack occurred around 3 am UTC, causing the CVG token to plummet over 99% in value.

Hacker Exploits CvxRewardDistributor Contract

The pseudonymous founder of Convergence, Wireshark, released a post-mortem detailing how the hacker exploited the protocol’s CvxRewardDistributor contract.

By manipulating the contract, the hacker minted and sold 58 million CVG tokens. Blockchain security firm PeckShield noted the hacker quickly converted the stolen tokens into 60 wrapped-Ether and 15,900 Curve.fi FRAX, leading to a near-total price wipeout of the CVG token.

Critical Code Line Removed

Convergence explained that the attack was possible because the team accidentally removed an essential line of code during a gas-optimization modification in its smart contract.

This line of code was crucial for checking the input given to the function. The omission allowed the hacker to exploit the claimMultipleStaking function, minting all tokens dedicated to staking emissions and dumping them into CVG liquidity pools.

User Funds and Future Steps

Convergence assured that user funds are safe but recommended users withdraw their assets from the platform. The team apologized to the community and investors, taking full responsibility for the incident.

They plan to fix the rewards contract for the Stake DAO integration and ensure stakers can claim their rewards once the issue is resolved. The total value locked on Convergence dropped from $5.79 million to $3.69 million, according to DefiLlama data.

Impact on the Cryptocurrency Ecosystem

The hack is part of a larger trend of security breaches in the cryptocurrency ecosystem, which lost around $266 million to hacks in July alone. This includes the $230 million hack of Indian trading platform WazirX on July 18.

Disclaimer: Backdoor provides informational content only, it is not offered or intended to be used as legal, tax, investment, financial, or other advice. Investments in digital assets involve risk, and past performance does not guarantee future results. We recommend conducting your own research before making any investment decisions.