On August 6, blockchain data revealed that the Convergence Finance team reached out with a congratulatory note to the individual responsible for siphoning off $212,000 from their protocol. The team expressed a desire to negotiate the recovery of some of the stolen funds, stating, “[w]e believe you acted as a white hat.”
A transaction logged on the Ethereum network at 12:56 pm UTC included a message from the Convergence team directed at the attacker. It began, “Hey, Convergence Finance would like to discuss with you about the bug you found and successfully exploited on August 1st.” The message continued with praise, stating, “Congratulations on identifying it,” and expressed the team’s belief that the attacker had acted with good intentions, inviting a conversation regarding the 65.8 ETH that had been taken and subsequently funneled through Tornado Cash.
The message included contact details, providing an email address and an Ethereum wallet for the return of the funds. It also issued a warning that if no reply was received within 48 hours, “we’ll move to a new step.”
Convergence Finance is a decentralized finance protocol that collaborates with Stake DAO and Convex. Its goal is to enhance yields from these platforms by aggregating investors’ resources into a shared treasury, from which it issues its own token, “CVG,” signifying ownership of that treasury.
On August 2, Convergence suffered an attack when an individual exploited a weakness in the CvxRewardDistributor, allowing them to mint 58 million CVG tokens. These tokens were subsequently sold for approximately $210,000, leading to a staggering drop of over 99% in the CVG price. Additionally, the attacker drained $2,000 in unclaimed rewards from Convex that belonged to Convergence users. The stolen cryptocurrency was then deposited into the mixing protocol Tornado Cash, seemingly to obscure the origin of the funds.
Related:
DeFi protocol eliminated a crucial line of code that caused the $212K breach.
Web3 vulnerabilities continue to threaten cryptocurrency users. A report by PeckShield noted that in July alone, over $266 million in cryptocurrency was lost due to various exploits. The most significant incident that month occurred at the Indian crypto exchange WazirX, resulting in more than $230 million in losses.
Magazine: Backlash as WazirX ‘socializes’ $235M loss, $10B metaverse plan for shut-ins: Asia Express.