Convergence Lost Approximately $210,000 Due to an Exploit
On August 1, a bug in the DeFi protocol’s smart contract allowed a hacker to mint and claim 58 million CVG. The attacker then sold these tokens for $210,000.
On this page
On August 1, a bug in the DeFi protocol's smart contract allowed a hacker to mint and claim 58 million CVG. The attacker then sold these tokens for $210,000.
The exploit was discovered in CvxRewardDistributor, a smart contract within the staking mechanism responsible for minting CVG and distributing rewards. Due to a programming error, this contract did not properly validate user data, allowing the hacker to upload their code, trigger minting, and take possession of all minted tokens.
According to Convergence developers, the faulty smart contract was modified after a security audit. In an attempt to optimize the code and reduce gas costs, they accidentally removed the line responsible for data validation.
The exploit has been fixed, but the reward mechanism for stakers is currently not operational. Although user funds were not affected, developers have recommended withdrawing assets from staking as a precaution.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
