Highlights:
- A Convergence protocol exploit allowed a hacker to mint 58 million CVG tokens worth $210,000.
- The attacker sold tokens for wrapped ether and crvFRAX, leading to a 99% CVG value drop.
- An oversight in Convergence’s codebase removed a crucial line, enabling the smart contract exploit.
Decentralized finance protocol Convergence suffered a significant security breach on August 1, 2024, leading to a 99% collapse in the value of its CVG token. The attack was executed through a vulnerability in the Convergence protocol’s smart contract, specifically targeting the CvxRewardDistributor contract. This breach allowed the hacker to mint 58 million CVG tokens, which they swiftly converted into $210,000 worth of wrapped Ether (wETH) and crvFRAX stablecoins using liquidity pools on Curve Finance.
🚨 URGENT COMMUNICATION 🚨
Convergence has been hacked. Please don't interact with the protocol.
— Convergence (@Convergence_fi) August 1, 2024
The exploit occurred at approximately 3:00 am UTC, when the attacker took advantage of a missing line of code. The developers had accidentally removed this line during a gas optimization update to the smart contract. This omission disabled a critical validation check, enabling the hacker to use a malicious contract that mimicked the signature of the legitimate claimCvgCvxMultiple function. As a result, the hacker successfully minted and sold the tokens, then transferred the stolen funds to Tornado Cash, a privacy-focused mixing service, making them difficult to trace.
How the Hack Happened
According to Wireshark, the pseudonymous founder of Convergence, the attack stemmed from an oversight that had passed through four separate audits without detection. The removal of the line, intended to improve gas efficiency, inadvertently allowed the hacker to exploit the claimMultipleStaking function within the protocol’s reward distribution mechanism. Consequently, the function no longer validated the staking contracts passed to it as input, leading to unauthorized token minting.
🚨 IMPORTANT 🚨
The article below explains the cause of the exploit that happened a few hours ago on Convergence.
We will soon communicate about the options we have to move forward. https://t.co/qkaiF8V4kG
— Convergence (@Convergence_fi) August 2, 2024
Wireshark intended the modification as a gas optimization, but it accidentally removed the line of code that checked the input given to the function. As a result, the hacker minted all tokens dedicated to staking emissions and then dumped them into the CVG liquidity pools, causing a massive devaluation.
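The kind of input check described above, as an added sketch that is not Convergence's code: a distributor that mints whatever amount a caller-supplied staking contract reports must first confirm that the contract is one it registered. Every contract, function and variable name below is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: all names are hypothetical, not taken from Convergence.
interface IStakingLike {
    // Returns the reward owed to `account`; the distributor trusts this value.
    function claimFor(address account) external returns (uint256);
}

interface IMintable {
    function mint(address to, uint256 amount) external;
}

contract RewardDistributorSketch {
    IMintable public immutable rewardToken;
    address public immutable admin;

    // Allowlist of staking contracts whose reported amounts may be minted.
    mapping(address => bool) public isRegisteredStaking;

    error NotAdmin();
    error UnknownStakingContract(address supplied);

    constructor(IMintable token) {
        rewardToken = token;
        admin = msg.sender;
    }

    function registerStaking(address staking, bool allowed) external {
        if (msg.sender != admin) revert NotAdmin();
        isRegisteredStaking[staking] = allowed;
    }

    function claimMultiple(IStakingLike[] calldata stakings) external {
        uint256 total;
        for (uint256 i = 0; i < stakings.length; ++i) {
            address supplied = address(stakings[i]);
            // The validation step. Without it, any contract exposing the same
            // function signature could report an arbitrary amount to be minted.
            if (!isRegisteredStaking[supplied]) revert UnknownStakingContract(supplied);
            total += stakings[i].claimFor(msg.sender);
        }
        rewardToken.mint(msg.sender, total);
    }
}
```

A regression test that calls the claim function with an unregistered address and expects a revert would flag the removal of this check during a later optimization pass.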
Impact on the Convergence Ecosystem
The financial impact of this breach has been severe. Before the attack, Convergence’s fully diluted market value for CVG was approximately $17 million. Following the exploit, the token’s price dropped from $0.12 to a mere $0.0004, and its market cap plummeted to $57,000, reflecting a near-total wipeout.
Convergence has advised users to withdraw their assets from the platform, emphasizing that user funds remain safe despite the exploit. The team has acknowledged their error and promised to address the broken rewards contract for Stake DAO integration. “No rewards are lost for Stake DAO integration users,” the team assured, indicating that the platform is actively working to resolve the issue and restore trust within its community.
Response and Broader Implications
The Convergence protocol has halted operations temporarily, urging users to refrain from interacting with the platform until further notice. The team is committed to fixing the vulnerabilities and has expressed regret for the oversight that led to the exploit. They plan to communicate future steps to ensure the platform’s security and reliability.
This incident is part of a larger trend of increasing DeFi protocol hacks in 2024, with over $1.38 billion in cryptocurrency stolen worldwide by the first half of the year, according to a recent report by Crypto2Community. The Convergence exploit highlights the ongoing risks and vulnerabilities within the decentralized finance ecosystem, emphasizing the need for more rigorous security measures and audits.