On August 1, the decentralized finance (DeFi) protocol Convergence suffered a devastating breach. The hacker exploited a vulnerability in the protocol’s CvxRewardDistributor smart contract, resulting in the minting and sale of 58 million CVG tokens worth $210,000. Additionally, the attacker siphoned off $2,000 in unclaimed staking rewards.
According to a recent post-mortem by Wireshark, the attack was made possible by a critical oversight by the Convergence team: an essential line of code was accidentally removed from the smart contract after a series of audits. The removal, intended as a gas optimization, inadvertently allowed the attacker to exploit the contract’s claimMultipleStaking function.
On August 1 at around 3:00 am UTC, the hacker exploited the CVG token. After minting the tokens, they swiftly converted them into 60 wrapped Ether and 15,900 Curve.fi FRAX. This led to a near-total collapse of the CVG token’s value, which now trades at $0.0004 with a market cap of $57,000.
After bypassing the contract’s validation checks, the hacker used a malicious contract with the same signature as the legitimate claimCvgCvxMultiple function.
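The kind of validation check described above, as an added Solidity sketch that is not Convergence's code and is not taken from the post-mortem. Only the function names claimMultipleStaking and claimCvgCvxMultiple come from the article; the interfaces, the allowlist mapping, and the assumption that the staking contract reports the amount to mint are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the project's source. Every name except
// claimMultipleStaking and claimCvgCvxMultiple is hypothetical.

interface IStakingService {
    // Assumed shape: returns the CVG amount owed to `account`.
    function claimCvgCvxMultiple(address account) external returns (uint256 cvgAmount);
}

interface IMintable {
    function mint(address to, uint256 amount) external;
}

contract RewardDistributorSketch {
    IMintable public immutable cvg;
    address public immutable admin;
    // Allowlist of genuine staking contracts, maintained by the admin.
    mapping(address => bool) public isStakingContract;

    error NotAdmin();
    error NotStakingContract(address target);

    constructor(IMintable cvg_) {
        cvg = cvg_;
        admin = msg.sender;
    }

    function setStakingContract(address target, bool allowed) external {
        if (msg.sender != admin) revert NotAdmin();
        isStakingContract[target] = allowed;
    }

    function claimMultipleStaking(IStakingService[] calldata claimContracts) external {
        uint256 total;
        for (uint256 i = 0; i < claimContracts.length; ++i) {
            // The validation step. A matching function signature proves nothing
            // about the callee, so each address must be on the allowlist before
            // the amount it reports is trusted.
            if (!isStakingContract[address(claimContracts[i])]) {
                revert NotStakingContract(address(claimContracts[i]));
            }
            total += claimContracts[i].claimCvgCvxMultiple(msg.sender);
        }
        cvg.mint(msg.sender, total);
    }
}
```

A regression test that passes an unregistered contract address and expects a revert would catch the removal of this check during a later optimization pass.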
In response, Convergence has assured its community that user funds are safe and urged users to withdraw their assets from the platform. The team acknowledged their mistake and apologized, taking full responsibility for the incident.
They revealed that while the rewards contract for Stake DAO integration is currently out of commission, no rewards have been lost for its users. Convergence plans to address the issue and communicate future steps soon.
The hack comes amid a troubling trend in the cryptocurrency space, with July alone witnessing around $266 million in losses due to various exploits. Notably, the Indian trading platform WazirX was hit for $230 million on July 18.
As Convergence works to repair the damage and restore trust, the broader DeFi community remains on high alert, emphasizing the critical importance of robust smart contract security and ongoing vigilance.