$212K attack emerged when DeFi protocol deleted a critical line of code


The native token of Convergence, CVG, went down by more than 99 percent after the assault, which happened at roughly 3 am UTC on August 1.

Decentralized finance protocol Convergence confirmed on August 1 that it was compromised through a smart contract exploit. The perpetrator was able to mint and sell $210 million in its native token, as well as take $2,000 in outstanding staking rewards.

The intruder was able to mint and sell 58 million CVG tokens for approximately $210,000 by exploiting the CvxRewardDistributor contract of the Convergence protocol, as per a recently released post-mortem from Wireshark, the pseudonymous originator of the protocol.

Additionally, the intruder seized approximately $2,000 in unclaimed rewards from Convex, a DeFi protocol that is intended to optimize rewards for Curve liquidity providers.

Etherscan reports that the attack took place at approximately 3:00 a.m. UTC on August 1. PeckShield, a blockchain security firm, observed that the intruder promptly exchanged the CVG tokens for 60 wrapped-Ether and 15,900 Curve.fi FRAX after minting them.

The CVG governance token has experienced a nearly 100% price decline as a result of the developments mentioned above, and it is currently trading at $0.0004 with a market capitalization of only $57,000, according to data from CoinMarketCap.

According to Convergence, the attack was made possible by the team’s accidental removal of a critical line of code from the smart contract that distributes CVG staking rewards. The team made the modification after the smart contract code had gone through four audits.

“The modification (gas optimization) necessitated the removal of the line of code that was verifying the input provided to the function,” it explained.

In order to exploit the CvxRewardDistributor contract, the intruder employed the claimMultipleStaking function.

With the check removed, the staking contracts passed to the function were no longer validated, which enabled the perpetrator to pass in a separate malicious contract exposing a function with the same signature as claimCvgCvxMultiple.

The offender then minted all tokens allocated for staking emissions and deposited them in CVG liquidity pools, according to Convergence.
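The kind of input check described above, sketched as an added Solidity example (not Convergence's code): a simplified distributor that accepts only staking contracts from an allowlist before trusting their return value. Only the names claimMultipleStaking and claimCvgCvxMultiple come from the article; the signatures, the allowlist and the mint call are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this example; not the protocol's real code.
interface IStakingService {
    // Function name from the article; parameter and return value are assumed.
    function claimCvgCvxMultiple(address account) external returns (uint256 cvgOwed);
}

interface IMintable {
    // Hypothetical mint entry point reserved for staking emissions.
    function mintStaking(address to, uint256 amount) external;
}

contract RewardDistributorModel {
    address public immutable owner;
    IMintable public immutable cvg;
    // Allowlist of genuine staking contracts (hypothetical name).
    mapping(address => bool) public isStakingContract;

    error NotStakingContract(address candidate);

    constructor(IMintable cvg_) {
        owner = msg.sender;
        cvg = cvg_;
    }

    function setStakingContract(address staking, bool allowed) external {
        require(msg.sender == owner, "not owner");
        isStakingContract[staking] = allowed;
    }

    function claimMultipleStaking(IStakingService[] calldata claimContracts) external {
        uint256 total;
        for (uint256 i = 0; i < claimContracts.length; ++i) {
            IStakingService staking = claimContracts[i];
            // The input check. Without it, any address that answers the call
            // below decides how much CVG is minted to the caller.
            if (!isStakingContract[address(staking)]) {
                revert NotStakingContract(address(staking));
            }
            total += staking.claimCvgCvxMultiple(msg.sender);
        }
        cvg.mintStaking(msg.sender, total);
    }
}
```

A matching function signature proves nothing about the callee, so the address itself has to be checked against state the protocol controls. A regression test that calls the function with an unregistered address and expects a revert would flag the removal of such a check during a later optimization.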
