- Decentralized governance hedge fund platform Convergence exploited.
- 58M CVG tokens minted and swapped.
- CVG token value plunged 99% from $0.12 to $0.0004 following the hack.
On Thursday, the decentralized finance (DeFi) protocol Convergence experienced a severe breach, resulting in a dramatic collapse of its CVG token.
The exploit involved the creation of 58 million CVG tokens, which were then exchanged for approximately $200,000 worth of wrapped Ether (wETH) and crvFRAX stablecoin.
Hacker exploited a vulnerability in Convergence’s codebase
This malicious activity was carried out using a vulnerability within the protocol’s codebase, according to web3 security firm QuillAudits.
The attacker leveraged this flaw to mint a massive amount of CVG tokens, subsequently swapping them for wETH and crvFRAX through Curve’s liquidity pools. Following the token exchange, the attacker converted the funds into Ether (ETH) and transferred them to Tornado Cash, a privacy tool designed to obscure transaction trails.
This breach led to an estimated $210,000 in financial losses, while CVG token holders faced a catastrophic decline in the token’s value.
Before the attack, CVG had a fully diluted valuation of $17 million. However, the token’s price plummeted by 99% in the Curve liquidity pools, dropping from $0.12 to a fraction of a cent, trading at $0.0004.
Frens, @Convergence_fi was just hit by an exploit resulting in a loss of around $210,000. 🚨
The attacker minted 58 million $CVG tokens & swapped them for 60 WETH & 15.9k crvFRAX.
The price of $CVG at the time of exploit was $0.1155. It dumped 99% and is currently at $0.000413… pic.twitter.com/43MJGjQg2i
— QuillAudits ➡️ Web3 Security 🥷🛡️ (@quillaudits_ai) August 1, 2024
Convergence asks users to pause activities on the platform
In response to the incident, Convergence has advised users to refrain from interacting with the protocol to avoid further risk.
🚨 URGENT COMMUNICATION 🚨
Convergence has been hacked. Please don't interact with the protocol.
— Convergence (@Convergence_fi) August 1, 2024
The protocol’s team and security experts are currently investigating the breach to prevent future vulnerabilities and mitigate the damage caused by the exploit.
This incident underscores the ongoing risks associated with DeFi protocols and the importance of robust security measures in safeguarding digital assets.