The DeFi protocol Convergence experienced a hack on August 1st, which resulted in the loss of $210,000 worth of tokens and $2000 worth of staking rewards. This hack was made possible by the removal of a single line of code by the team in an attempt to optimize gas fees for users. The hacker took advantage of this code alteration to mint 58 million CVG tokens and drain them from the pools, causing the token to lose 99% of its value.
PeckShield, a blockchain security and analytics firm, reported the incident on X, highlighting the exploit that led to the massive loss. The hacker was able to mint the tokens by adding a malicious contract of their own after the crucial contract validation mechanism was removed in the code.
In response to the hack, the protocol’s founder, Wireshark, released a post-mortem report taking full responsibility for the issue. They explained that the code had undergone four audits by different companies, but modifications made after the audits led to the vulnerability exploited by the hacker. Wireshark apologized to the community of users, supporters, and investors, assuring them that their funds were safe but recommending the withdrawal of assets due to the broken staking implementation.
The rewards contract for the Stake DAO integration was affected by the exploit, but users were reassured that no rewards were lost, and the issue would be fixed soon. Stakers will be able to claim their rewards once the contract is repaired.
This incident serves as a reminder of the importance of thorough security measures in the DeFi space. Users should be cautious when interacting with protocols that have undergone recent code modifications, as even minor changes can create vulnerabilities that hackers can exploit. It is essential for protocols to prioritize security at all stages of development to protect user funds and maintain trust within the community.