Convergence, a decentralized finance protocol, experienced a $212K hack due to the removal of a critical line of code in its smart contract. This oversight allowed a hacker to exploit the system, minting and selling a significant amount of the protocol’s native token.
Points
- Convergence was hacked due to a code omission.
- The hacker exploited the CvxRewardDistributor contract.
- Significant price drop in the CVG token post-hack.
- Convergence’s response and user fund safety measures.
- Broader context of rising crypto hacks in July 2024.
Decentralized finance protocol Convergence confirmed it was hacked on August 1, 2024, through a smart contract exploit. The attacker minted and sold $210,000 worth of its native CVG tokens and stole $2,000 in unclaimed staking rewards. This incident highlights the vulnerabilities within DeFi protocols and the critical importance of thorough code audits.
The exploit targeted the CvxRewardDistributor contract, allowing the hacker to mint and sell 58 million CVG tokens. Blockchain security firm PeckShield noted that the attacker quickly converted these tokens into 60 wrapped Ether and 15,900 Curve.fi FRAX, causing a near-total wipeout of CVG’s market value. The token’s price plummeted to $0.0004, leaving a market cap of just $57,000.
Convergence attributed the attack to the accidental removal of a vital line of code during a gas-optimization modification, which had been performed after multiple audits. The removed line was the input validation check in the claimMultipleStaking function. Without it, the hacker could pass in a malicious contract that exposed a function with the same signature as claimCvgCvxMultiple.
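The kind of check described above, as an added Solidity sketch that is not Convergence's code. The registry mapping, the interfaces, the simplified claimCvgCvxMultiple signature and the assumption that the distributor mints whatever amount the called contract reports are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified interfaces (assumptions, not the protocol's ABI).
interface IStaking {
    // Returns the CVG amount the distributor should mint for `account`.
    function claimCvgCvxMultiple(address account) external returns (uint256 cvgAmount);
}

interface IMintable {
    function mint(address to, uint256 amount) external;
}

contract RewardDistributorSketch {
    IMintable public immutable cvg;
    address public immutable owner;
    // Registry of staking contracts the protocol itself deployed (hypothetical).
    mapping(address => bool) public isStakingContract;

    error NotOwner();
    error NotStakingContract(address candidate);

    constructor(IMintable cvg_) {
        cvg = cvg_;
        owner = msg.sender;
    }

    function setStakingContract(address staking, bool allowed) external {
        if (msg.sender != owner) revert NotOwner();
        isStakingContract[staking] = allowed;
    }

    function claimMultipleStaking(IStaking[] calldata stakings) external {
        uint256 total;
        for (uint256 i = 0; i < stakings.length; ++i) {
            // Input validation: every caller-supplied address must be a
            // registered staking contract. If this check is dropped, the
            // external call below trusts a return value from arbitrary code.
            if (!isStakingContract[address(stakings[i])]) {
                revert NotStakingContract(address(stakings[i]));
            }
            total += stakings[i].claimCvgCvxMultiple(msg.sender);
        }
        if (total > 0) cvg.mint(msg.sender, total);
    }
}
```

A regression test asserting that claimMultipleStaking reverts for an unregistered address would flag this check going missing in a later optimization pass, including one made after the audits.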
Convergence has apologized to its community, taking full responsibility for the oversight. They assured users that funds are safe and recommended withdrawing assets from the platform until the rewards contract is fixed. Convergence aims to restore functionality and provide stakers with their due rewards once repairs are complete.
The total value locked on Convergence dropped from $5.79 million to $3.69 million, according to DefiLlama data. This hack is part of a broader trend of increased crypto exploits, with the ecosystem losing around $266 million to hacks in July, including a significant $230 million breach on Indian trading platform WazirX.
Commentary
- The incident underscores the critical nature of comprehensive code audits and input validation in smart contracts.
- The swift and significant drop in CVG’s value illustrates the immediate market reaction to security breaches.
- Convergence’s proactive measures to secure user funds and communicate transparently are essential in maintaining user trust.
- The broader trend of rising crypto hacks in 2024 highlights the need for robust security protocols across DeFi platforms.
- Understanding and mitigating vulnerabilities is crucial for the sustainability and trustworthiness of the DeFi ecosystem.