Post-mortem of Convergence $210,000 DeFi protocol hack emerges

Bitget App

Trade smarter

Bitget

News

Cryptopolitan2024/08/01 16:00

By:By Vignesh Karunanidhi

Share link:In this post: Convergence has released the post-mortem report of its recent hack. A hacker made away with $210,000 in a smart contract exploit of the Defi protocol. The hacker also looted $2,000 worth of unclaimed rewards from Convex.Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional bef

Convergence, a DeFi protocol, was the victim of a hack in which the attackers looted $210,000 worth of its native token and $2,000 in unclaimed staking rewards. Convergence sent out a post warning its users not to interact with the protocol after news of the exploit broke.

Security platform PeckShield initially shared the details of the hack through one of their X posts. According to the post, the hacker minted 58 million CVG tokens. Following the hack, the tokens were converted to 60 WETH and 15.9k crvFRAX.

Convergence releases post-mortem

The post-mortem revealed that the primary reason for the exploit is a lack of validation in the input given by the user in the function “claimMultipleStaking” of the reward distribution contract. According to the report, the hacker executed the malicious contract without the validation of the staking contract. This allowed the hacker to mint all tokens that were kept aside for staking emissions.

Following the hack, the hacker dumped all the newly minted CVG tokens into liquidity pools.

See also Ethereum ETF turns to net inflows for the first time

Convergence blames ‘post-audit modification’ for exploit

Convergence Finance mentioned in its post-mortem report that the protocol has been audited 4 times by various companies. However, the protocol had recently modified the compromised part of the code post-audit.

According to the team, “The modification (gas-optimization on the first hand) led us to remove the line of code that was checking the input given to the function. We apologize to our community and investors, and we take full responsibility for what happened.”

However, the team assures that all user funds are safe. In what seems like an additional cautionary measure, it also asked investors to withdraw their staked assets.

Following the hack, the rewards contract also got exploited. As a result, stakers will not be able to claim their rewards now. Convergence stated that it is working on a fix, and a resulting will soon be communicated.

Crypto hacks have been on the rise lately. The industry witnessed 16 reported crypto hacks, which contributed to the loss of over $266 million in July .

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!