DeFi Protocol Convergence Loses $210K in Hack, CVG Token Value Collapses

Highlights:

  • A Convergence protocol exploit allowed a hacker to mint 58 million CVG tokens worth $210,000.
  • The attacker sold tokens for wrapped ether and crvFRAX, leading to a 99% CVG value drop.
  • An oversight in Convergence’s codebase removed a crucial line, enabling the smart contract exploit.

Decentralized finance protocol Convergence suffered a significant security breach on August 1, 2024, leading to a 99% collapse in the value of its CVG token. The attack was executed through a vulnerability in the Convergence protocol’s smart contract, specifically targeting the CvxRewardDistributor contract. This breach allowed the hacker to mint 58 million CVG tokens, which they swiftly converted into $210,000 worth of wrapped Ether (wETH) and crvFRAX stablecoins using liquidity pools on Curve Finance.

The attack took place at approximately 3:00 am UTC, when the hacker took advantage of a missing line of code. The developers had accidentally removed this line during a gas optimization update to the smart contract. This omission disabled a critical validation check, enabling the hacker to utilize a malicious contract that mimicked the signature of the legitimate claimCvgCvxMultiple function. As a result, the hacker successfully minted and sold the tokens, then transferred the stolen funds to Tornado Cash, a privacy-focused mixing service, which makes them difficult to trace.

How the Hack Happened

According to Wireshark, the pseudonymous founder of Convergence, the attack stemmed from an oversight that had passed through four separate audits without detection. The removal of a line of code, made to improve gas efficiency, inadvertently allowed the hacker to exploit the claimMultipleStaking function within the protocol’s reward distribution mechanism. Consequently, the staking contract was unable to validate inputs, leading to unauthorized token minting.

Wireshark intended the modification as a gas optimization, but in making it the developers accidentally removed the line of code that checked the input given to the function. As a result, the hacker minted all tokens dedicated to staking emissions and then dumped them into the CVG liquidity pools, causing a massive devaluation.
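
The pattern described above, sketched in Solidity as an added example (not Convergence's code): a distributor that mints whatever a caller-supplied contract reports, beside the same function with the input check restored. Only the names claimMultipleStaking and claimCvgCvxMultiple come from the article; the parameter lists, the registry, mintStaking and every other identifier are simplified assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified interfaces for illustration only.
interface IStakingLike {
    // A genuine staking contract derives this amount from its own accounting.
    function claimCvgCvxMultiple(address account) external returns (uint256);
}

interface IMintable {
    function mintStaking(address to, uint256 amount) external; // assumed name
}

contract RewardDistributorSketch {
    IMintable public immutable cvg;
    address public immutable owner;
    // Registry of staking contracts the protocol itself deployed.
    mapping(address => bool) public isStakingContract;

    error UnknownStakingContract(address candidate);

    constructor(IMintable cvg_) {
        cvg = cvg_;
        owner = msg.sender;
    }

    function registerStaking(address staking) external {
        require(msg.sender == owner, "not owner");
        isStakingContract[staking] = true;
    }

    // Check missing: any address that answers the selector is trusted,
    // so the minted total is whatever the supplied contract returns.
    function claimMultipleStakingUnchecked(IStakingLike[] calldata stakings) external {
        uint256 total;
        for (uint256 i; i < stakings.length; ++i) {
            total += stakings[i].claimCvgCvxMultiple(msg.sender);
        }
        cvg.mintStaking(msg.sender, total);
    }

    // Check restored: every supplied address must be in the registry
    // before its return value is allowed to influence minting.
    function claimMultipleStaking(IStakingLike[] calldata stakings) external {
        uint256 total;
        for (uint256 i; i < stakings.length; ++i) {
            address s = address(stakings[i]);
            if (!isStakingContract[s]) revert UnknownStakingContract(s);
            total += stakings[i].claimCvgCvxMultiple(msg.sender);
        }
        cvg.mintStaking(msg.sender, total);
    }
}
```

The registry lookup costs one storage read per element, which is the kind of expense a gas optimization pass is tempted to cut; a regression test that calls the claim function with an unregistered address and expects a revert keeps the check from being removed silently.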

Impact on the Convergence Ecosystem

The financial impact of this breach has been severe. Before the attack, Convergence’s fully diluted market value for CVG was approximately $17 million. Following the exploit, the token’s price dropped from $0.12 to a mere $0.0004, and its market cap plummeted to $57,000, reflecting a near-total wipeout.

Source: CoinMarketCap

Convergence has advised users to withdraw their assets from the platform, emphasizing that user funds remain safe despite the exploit. The team has acknowledged their error and promised to address the broken rewards contract for Stake DAO integration. “No rewards are lost for Stake DAO integration users,” the team assured, indicating that the platform is actively working to resolve the issue and restore trust within its community.

Response and Broader Implications

The Convergence protocol has halted operations temporarily, urging users to refrain from interacting with the platform until further notice. The team is committed to fixing the vulnerabilities and has expressed regret for the oversight that led to the exploit. They plan to communicate future steps to ensure the platform’s security and reliability.

This incident is part of a larger trend of increasing DeFi protocol hacks in 2024, with over $1.38 billion in cryptocurrency stolen worldwide by the first half of the year, according to a recent report by Crypto2Community. The Convergence exploit highlights the ongoing risks and vulnerabilities within the decentralized finance ecosystem, emphasizing the need for more rigorous security measures and audits.
