On August 6, blockchain data revealed that the Convergence Finance team reached out with a congratulatory message to the individual who siphoned off $212,000 from its protocol. In an unexpected turn, they also proposed negotiations for the return of a portion of the funds, expressing their belief that the attacker acted as a “white hat.”
A transaction recorded on the Ethereum network at 12:56 PM UTC contained a message from the Convergence team directed at the attacker. It began with, “Hello, Convergence Finance would like to discuss the bug you discovered and successfully exploited on August 1st.” The message continued with, “Congratulations on identifying it,” and emphasized their view that “[w]e believe you acted as a white hat. We would like to discuss the funds (65.8 ETH) that you took and sent [through] TornadoCash.”
In the message, the team provided an email address and an Ethereum account for the return of the funds. They also cautioned that if they did not receive a response within 48 hours, “we’ll move to a new step.”
Convergence Finance message to attacker. Source: Etherscan.
Convergence Finance operates as a decentralized finance protocol in collaboration with Stake DAO and Convex. It seeks to enhance yields from these platforms by aggregating investors’ funds into a shared treasury and issuing its own token, “CVG,” which signifies ownership of this treasury.
On August 2, Convergence suffered an attack when an individual exploited a flaw in the CvxRewardDistributor, allowing them to mint 58 million CVG tokens. These tokens were subsequently liquidated for $210,000, resulting in a staggering price drop of over 99% for CVG. Additionally, the attacker extracted $2,000 in unclaimed rewards from Convex that belonged to Convergence users. The ill-gotten gains were then funneled into the crypto mixing service Tornado Cash, seemingly to obfuscate the funds.
Related:
DeFi protocol removed a critical line of code that led to a $212K hack.
Web3 exploits continue to jeopardize crypto users. A report from PeckShield indicated that in July alone, over $266 million in cryptocurrency was lost due to various exploits. The most significant incident of that month involved Indian crypto exchange WazirX, which faced losses exceeding $230 million.
Magazine: Backlash as WazirX ‘socializes’ $235M loss, $10B metaverse plan for shut-ins: Asia Express.