Web3
August 2, 2024 2:01 PM
On Aug. 1, the decentralized finance protocol Convergence confirmed a security breach through a smart contract exploit. A hacker managed to mint and sell $210,000 worth of Convergence’s native token, CVG, and also stole $2,000 in unclaimed staking rewards. The attack occurred around 3 am UTC, causing the CVG token to plummet over 99% in value.
The pseudonymous founder of Convergence, Wireshark, released a post-mortem detailing how the hacker exploited the protocol’s CvxRewardDistributor contract.
By manipulating the contract, the hacker minted and sold 58 million CVG tokens. Blockchain security firm PeckShield noted the hacker quickly converted the stolen tokens into 60 wrapped-Ether and 15,900 Curve.fi FRAX, leading to a near-total price wipeout of the CVG token.
Convergence explained that the attack was possible because the team accidentally removed an essential line of code during a gas-optimization modification in its smart contract.
This line of code was crucial for checking the input given to the function. The omission allowed the hacker to exploit the claimMultipleStaking function, minting all tokens dedicated to staking emissions and dumping them into CVG liquidity pools.
Convergence assured that user funds are safe but recommended users withdraw their assets from the platform. The team apologized to the community and investors, taking full responsibility for the incident.
They plan to fix the rewards contract for the Stake DAO integration and ensure stakers can claim their rewards once the issue is resolved. The total value locked on Convergence dropped from $5.79 million to $3.69 million, according to DefiLlama data.
The hack is part of a larger trend of security breaches in the cryptocurrency ecosystem, which lost around $266 million to hacks in July alone. This includes the $230 million hack of Indian trading platform WazirX on July 18.
Disclaimer: Backdoor provides informational content only, it is not offered or intended to be used as legal, tax, investment, financial, or other advice. Investments in digital assets involve risk, and past performance does not guarantee future results. We recommend conducting your own research before making any investment decisions.