Convergence Finance 200K Exploit

On August 1 2024, the Convergence Finance Protocol on Ethereum was hacked through a smart contract vulnerability, resulting in nearly 58M unauthorized CVG Tokens being minted, worth nearly 210K USD at the time of the attack.

Investigation Highlights

Convergence Finance is a DeFi protocol that operates a set of smart contracts that participate in various other protocols, optimizing yield for the DeFi ecosystem. They incentivize users to participate in their protocol through the CVG token.

The hacker was able to exploit a vulnerability in the rewards contract where proper validation wasn't being done, which allowed the hacker to mint new CVG tokens. These tokens were then immediately swapped for more stable assets such as WETH and Curve.fi FRAX.

Soon after, the exploiter moved the funds to Tornado Cash, a well-known and OFAC-sanctioned mixer, effectively making it impossible to track down the funds. The Convergence Finance team attempted to contact the exploiter to get the funds back, offering a bounty reward as well, but the money has so far not been returned.

Hack Breakdown & Timeline

Thursday August 1, 10:55 UTC - Attacker's Wallet Funded

The attacker's wallet, 0x03560a9d7a2c391fb1a087c33650037ae30de3aa (Convergence Exploiter), was funded with 0.9874 ETH (3.2K USD) from 0x912c705958f527b08289320c20ca6c90463ab572 (Convergence Exploit Funder).

Figure 1: Exploit Wallet Funding (Provided By Blockscope Wallet Profiler)

Looking further at Convergence Exploit Funder, we can see that they ultimately got their funds from Tornado Cash about 2 minutes earlier.

Figure 2: Tornado Cash is the initial source of funds (Provided By Blockscope Wallet Profiler)

Thursday August 1, 10:59 UTC - Exploit transaction triggered

The attack transaction, 0x636be30e58acce0629b2bf975b5c3133840cd7d41ffc3b903720c528f01c65d9 was executed.

Looking at the transaction through the Transaction Decoder's Trace Call feature, it can be seen that two smart contracts were created; since they came from the exploiter, it can be assumed that they were malicious in nature. Eventually a call to the CVX Reward Distributor contract is made, which is likely where the attack occurs.

Figure 3: Attack Transaction Breakdown (Provided by Blockscope Transaction Decoder)

Technical Breakdown of the hack

Claiming tokens via smart contracts usually involves minting, so looking at the token transfers table in the decoder tool, the mint information can be seen. Opening the event data, the trace id is shown as "Trace-6", so going back to Trace Calls we can investigate further.

Figure 4: CVG Mint Record (Provided by Blockscope Transaction Decoder)
Figure 5: CVG Mint Details (Provided by Blockscope Transaction Decoder)

Trace Calls line 6 confirms the minting of tokens. Walking up the trace, it can be seen that Trace 4 is the initial trigger, confirming the earlier thesis.

Figure 6: CVG Mint Location in Transaction (Provided by Blockscope Transaction Decoder)

Looking at the decoded data on Trace 4, one of the malicious contracts pops up. The vulnerability can be localized to this function call.

Figure 7: CVG Mint Attack Details (Provided by Blockscope Transaction Decoder)

It is now evident where the minting was triggered. Upon reviewing the code for the CVX Reward Distributor on Etherscan, particularly the claimMultipleStaking function, it became clear that a loop iterates over the contracts passed in to gather the amount of cvgClaimable. However, there were no checks in place to verify that each contract was a legitimate staking contract eligible to claim rewards. The malicious contract was designed with a single function that returned the amount the attacker intended to mint. Essentially, any amount could have been specified as long as it passed the subsequent checks in the code.

Figure 8: CVG Reward Code Vulnerability
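The pattern described above, shown as an added illustrative reconstruction rather than Convergence's actual contract code: a distributor that trusts caller-supplied contract addresses, beside a hardened version that only consults registered staking contracts. Apart from claimMultipleStaking and cvgClaimable, every name (IStaking, claimCvgRewards, ICvg.mint, isRegisteredStaking) is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interfaces (illustrative, not Convergence's code). The return value is
// named after the cvgClaimable amount the distributor sums up.
interface IStaking {
    function claimCvgRewards(address account) external returns (uint256 cvgClaimable);
}
interface ICvg {
    function mint(address to, uint256 amount) external;
}

// Vulnerable pattern: the loop trusts whatever addresses the caller supplies, so a
// caller-deployed contract with a matching claimCvgRewards() can report any amount.
contract VulnerableDistributor {
    ICvg public immutable cvg;
    constructor(ICvg _cvg) { cvg = _cvg; }
    function claimMultipleStaking(address[] calldata stakingContracts) external {
        uint256 total;
        for (uint256 i; i < stakingContracts.length; i++) {
            total += IStaking(stakingContracts[i]).claimCvgRewards(msg.sender);
        }
        cvg.mint(msg.sender, total); // mints whatever the untrusted contracts reported
    }
}

// Hardened pattern: only staking contracts registered by the protocol owner are consulted.
contract HardenedDistributor {
    ICvg public immutable cvg;
    address public immutable owner;
    mapping(address => bool) public isRegisteredStaking;

    error NotOwner();
    error UnknownStakingContract(address staking);

    constructor(ICvg _cvg) { cvg = _cvg; owner = msg.sender; }

    function setStakingContract(address staking, bool allowed) external {
        if (msg.sender != owner) revert NotOwner();
        isRegisteredStaking[staking] = allowed;
    }

    function claimMultipleStaking(address[] calldata stakingContracts) external {
        uint256 total;
        for (uint256 i; i < stakingContracts.length; i++) {
            address staking = stakingContracts[i];
            if (!isRegisteredStaking[staking]) revert UnknownStakingContract(staking);
            total += IStaking(staking).claimCvgRewards(msg.sender);
        }
        cvg.mint(msg.sender, total);
    }
}
```

The allowlist is the minimum fix; a production distributor would also bound the claimable amount against what the staking contract actually holds, since a registered contract can still be compromised.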

From here, the tokens are swapped for WETH and Curve.fi FRAX.

Tracing Funds

Let's use the Blockscope Tracer tool to find where the funds came from and where they went. We start by searching the exploiter's wallet and the tokens involved.

Exploiter Offramping funds to Tornado

The exploiter acted very quickly to convert all the tokens to stable tokens (WETH, ETH) and then move them to Tornado Cash to hide their tracks.

Figure 9: Exploit Fund Trace (Provided by Blockscope Tracer)

The node on the very right is the Tornado Cash router, a smart contract where the majority of funds being laundered through Tornado Cash's protocol first go through. Expanding on the connection between the exploiter and the router, multiple transactions of ETH transfers can be seen.

The Full Picture

The tracer below brings in information from the exploit transaction. We can see 58M CVG tokens being minted and moved to a contract funded by the attacker. Then 52M of those tokens go into a CVG/WETH pool. The WETH is then swapped for ETH, and we can see the WETH contract sending 60 ETH to the attacker's wallet. The other 6M tokens move to a Curve.fi contract and are swapped for CRVFRAX. The CRVFRAX is then swapped for ETH using CowSwap. Finally, the total of 65.8 ETH is sent out to Tornado Cash.

Figure 10: A breakdown of the whole exploit (Provided by Blockscope Tracer)

Finding all the transactions to Tornado Cash

Let's use Entity Interaction to find all the transactions between the attacker and Tornado Cash. A quick search gives us the findings: 19 transactions were triggered where the exploiter sent funds to Tornado Cash.

Figure 11: Summary of interactions between Exploiter and Tornado Cash (Provided by Entity Interaction)

Breaking this information down gives us all 19 of these transactions as seen in the image below.

Figure 12: Exploiter Sending Funds to Tornado Cash (Provided by Blockscope Entity Interaction)

Looking at all 19 of these transactions, the following can be noted: 6 transactions moved 10 ETH each into the 10 ETH Tornado pool, 5 transactions moved 1 ETH each into the 1 ETH pool, and the remaining 8 transactions moved 0.1 ETH each into the 0.1 ETH pool.

Amount sent to Tornado    # of Txns    Total
0.1 ETH                   8 txns       0.8 ETH
1 ETH                     5 txns       5 ETH
10 ETH                    6 txns       60 ETH

The funds are now mixed through Tornado Cash and hard to trace. However knowing the sums of the amounts moved into the mixer, we can potentially watch for accounts withdrawing these sums from the mixer.

Recovery Attempt - Convergence Finance Communications

The Convergence Finance team attempted to communicate with the exploiter on two separate occasions, asking for the money back. Both times they were ignored. From the last message, it seems they are now pursuing an investigation of the crime via third-party firms.

Communication 1: Tuesday Aug 6, 8:56 UTC

The first message was sent via transaction: 0x0efb4ecda85da9883795a8cae60de7c54bd4ec549d85c6d67ef1df1fc16af7d7 demanding the return of the funds within 48 Hours. The message can be seen in the decoded view of the transaction.

Figure 13: First Attempt to Regain Funds (Provided by Blockscope Wallet Profiler)

Communication 2: Thursday Aug 8, 15:04 UTC

After the first 48 hours, they again sent a message via transaction: 0x4f63017dab0f53614a40957da60361074c58221e1c00e29b235325c6204fa5d7 with another 24 hour time limit along with a 10% bounty reward, with the threat of legal action.

Figure 14: Last Attempt to Regain Funds (Provided by Blockscope Wallet Profiler)

Communication 3: Sunday Aug 11, 15:09 UTC

After another 3 days, they sent a message stating that the Convergence team will use legal means to pursue the exploiter, in the following transaction: 0xa7be1dd82569634a7aaa72bf083558a2bada949d20effefcacb020334ee18777

Figure 15: Convergence team notifying the exploiter about legal action (Provided by Blockscope Wallet Profiler)

Wallets & Transactions involved in Exploit

Addresses of Note

Name                               Address                                      Notes
Convergence Team Messenger         0xfffde9a2bb7c9a6dfd1f0235f5af4f599e3265ec   Account the Convergence team used to message the exploiter
Convergence Exploiter              0x03560a9d7a2c391fb1a087c33650037ae30de3aa
Malicious Contract                 0xee45384d4861b6fb422dfa03fbdcc6e29d7beb69   Exploiter contract that gave bad data to the reward contract
Convergence Finance Exploit Funder 0x912c705958f527b08289320c20ca6c90463ab572   Origin of funds for the exploit
Cvx Reward Distributor             0x2b083beaac310cc5e190b1d2507038ccb03e7606   Contract that was hacked

Transactions of Note

Transaction Hash                                                     Date                      Notes
0x849f2ac1c3bfa3d8e644e21c39c9a23301dcbeb600739529cd8b4554cf4e5dc8   10:55 AM Thu Aug 01 2024  Funding transaction of exploiter
0x636be30e58acce0629b2bf975b5c3133840cd7d41ffc3b903720c528f01c65d9   10:59 AM Thu Aug 01 2024  Attack transaction
0x0efb4ecda85da9883795a8cae60de7c54bd4ec549d85c6d67ef1df1fc16af7d7   08:56 AM Tue Aug 06 2024  Convergence to exploiter, demanding contact within 48 hours
0x4f63017dab0f53614a40957da60361074c58221e1c00e29b235325c6204fa5d7   03:04 PM Thu Aug 08 2024  Convergence to exploiter, message noting the 48 hours are up; 24 hours extra added, plus 10% bounty

Summary

The investigation utilized several advanced tools provided by Blockscope and forensic techniques to meticulously trace and analyze the events of the hack:

  • Transaction Decoder: Essential in breaking down unauthorized transactions and understanding the sequence of actions taken by the hackers.

  • Wallet Profiler: Helped identify and analyze the suspicious wallets involved, revealing their connections to the Tornado Cash mixer, which was used to obfuscate the origins of the stolen funds.

  • Tracer Tool: Played a crucial role in tracking the movement of the stolen tokens, such as SHIB and ETH, across various wallets and DeFi protocols.

  • Entity Interaction Tool: Used to map out all interactions between the involved addresses.

  • Cohort Analyzer: Helped identify clusters of associated wallets, providing a clearer picture of the hackers' network.

For more information, please reach out to us at [email protected]

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

  • The data used in this investigation may contain inaccuracies, omissions, or errors.

  • Information sources may be incomplete or subject to change.

  • New evidence may emerge that could alter the conclusions.

  • Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.
