Decentralized finance protocol Convergence was hacked on August 1 due to a smart contract exploit. The attacker minted and sold $210 million worth of the platform's native token, CVG, and stole an additional $2,000 in unclaimed staking rewards.
Details of the Exploit
The attack targeted the CvxRewardDistributor contract, allowing the hacker to mint 58 million CVG tokens, which were then sold for approximately $210,000. Additionally, around $2,000 in unclaimed rewards from Convex, another DeFi protocol, were stolen. The incident occurred at approximately 3:00 am UTC, according to Etherscan data.
Blockchain security firm PeckShield reported that the attacker quickly exchanged the stolen CVG tokens for 60 wrapped Ether and 15,900 Curve.fi FRAX. The sell-off led to a nearly 100% collapse in the price of CVG, which is now trading at $0.0004 with a market cap of just $57,000, as per CoinMarketCap.
Cause and Response
Convergence revealed that the attack was possible because a critical line of code was accidentally removed from the smart contract in a change intended as a gas optimization. This omission left the staking contract vulnerable, allowing the hacker to exploit the claimMultipleStaking function. The attacker minted all tokens meant for staking emissions and then dumped them into CVG liquidity pools.
In a statement, the Convergence team apologised to the community and investors, acknowledging full responsibility for the oversight. The team said that user funds remained safe and advised users to withdraw assets from the platform. It is working on fixing the broken rewards contract for the Stake DAO integration and said rewards will be claimable once the issue is resolved. It also promised further communication about the protocol's future.
Impact and Broader Context
Convergence, a platform designed to aggregate liquidity and enhance returns within the Curve Finance ecosystem, saw its total value locked (TVL) drop from $5.79 million to $3.69 million following the hack, according to DefiLlama data.
The incident adds to a series of crypto hacks, with the ecosystem losing around $266 million in July alone. This includes the significant $230 million hack of the Indian trading platform WazirX on July 18.