DeFi platform Convergence fell victim to a hacker attack on August 1st, resulting in the loss of $210,000 worth of CVG tokens.
The attacker exploited a vulnerability in Convergence’s CvxRewardDistributor smart contract, allowing them to mint and sell 58 million CVG tokens. Additionally, $2,000 in unclaimed staking rewards were stolen.
A Coding Error Left a Backdoor Open
A post-mortem investigation revealed a critical oversight by the Convergence team. A crucial line of code, intended for gas optimization during audits, was inadvertently removed from the smart contract. This omission created a vulnerability in the “claimMultipleStaking” function, which the attacker exploited.
Hacker Drained Value from CVG Token
The attacker minted a significant amount of CVG tokens at 3:00 am UTC on August 1st. These tokens were then quickly converted into other cryptocurrencies, leading to a sharp decline in CVG’s value. Currently, CVG trades at a mere $0.0004 with a market capitalization of just $57,000.
Convergence Responds: User Funds Safe, But Platform Paused
Convergence has assured users that their funds are safe but has urged them to withdraw their assets from the platform. The team has acknowledged their mistake, apologized for the incident, and taken full responsibility.
While the rewards contract for Stake DAO integration is temporarily disabled, Convergence assures users that no rewards have been lost. The team is working on a solution and will communicate further steps soon.
DeFi Security Concerns Rise Again
This hack highlights the ongoing challenges with DeFi security. In July alone, cryptocurrency exploits resulted in losses exceeding $266 million. Notably, the Indian platform WazirX was hit for a staggering $230 million on July 18th.
As Convergence works on recovery, the DeFi community remains vigilant, emphasizing the critical need for robust smart contract security and ongoing audits.