Post-mortem of Convergence $210,000 DeFi protocol hack emerges

Convergence, a DeFi protocol, was the victim of a hack in which the attackers looted $210,000 worth of its native token and $2,000 in unclaimed staking rewards. Convergence sent out a post warning its users not to interact with the protocol after news of the exploit broke. Security platform PeckShield initially shared the details of the […]

Aug 2, 2024 - 13:01
 0
Post-mortem of Convergence $210,000 DeFi protocol hack emerges

Convergence, a DeFi protocol, was the victim of a hack in which the attackers looted $210,000 worth of its native token and $2,000 in unclaimed staking rewards. Convergence sent out a post warning its users not to interact with the protocol after news of the exploit broke.

Security platform PeckShield initially shared the details of the hack through one of their X posts. According to the post, the hacker minted 58 million CVG tokens. Following the hack, the tokens were converted to 60 WETH and 15.9k crvFRAX.

Convergence releases post-mortem  

The post-mortem revealed that the primary reason for the exploit is a lack of validation in the input given by the user in the function “claimMultipleStaking” of the reward distribution contract. According to the report, the hacker executed the malicious contract without the validation of the staking contract. This allowed the hacker to mint all tokens that were kept aside for staking emissions.

Following the hack, the hacker dumped all the newly minted CVG tokens into liquidity pools.

Convergence blames ‘post-audit modification’ for exploit

Convergence Finance mentioned in its post-mortem report that the protocol has been audited 4 times by various companies. However, the protocol had recently modified the compromised part of the code post-audit.

According to the team, “The modification (gas-optimization on the first hand) led us to remove the line of code that was checking the input given to the function. We apologize to our community and investors, and we take full responsibility for what happened.”

However, the team assures that all user funds are safe. In what seems like an additional cautionary measure, it also asked investors to withdraw their staked assets.

Following the hack, the rewards contract also got exploited. As a result, stakers will not be able to claim their rewards now. Convergence stated that it is working on a fix, and a resulting will soon be communicated.

Crypto hacks have been on the rise lately. The industry witnessed 16 reported crypto hacks, which contributed to the loss of over $266 million in July.

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

CryptoFortress Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.