🌋 Convergence Lost Approximately $210,000 Due to an Exploit
posted 2 Aug 2024
On August 1, a bug in the DeFi protocol's smart contract allowed a hacker to mint and claim 58 million CVG. The attacker then sold these tokens for $210,000.
The exploit was discovered in CvxRewardDistributor, a smart contract within the staking mechanism responsible for minting CVG and distributing rewards. Due to a programming error, this contract did not properly validate user data, allowing the hacker to upload their code, trigger minting, and take possession of all minted tokens.
According to Convergence developers, the faulty smart contract was modified after a security audit. In an attempt to optimize the code and reduce gas costs, they accidentally removed the line responsible for data validation.
The exploit has been fixed, but the reward mechanism for stakers is currently not operational. Although user funds were not affected, developers have recommended withdrawing assets from staking as a precaution.