Convergence congratulates attacker, attempts to open negotiations

Convergence attempted to open negotiations with the attacker, who drained the protocol of $212,000, stating that it would "move to a new step" if it did not receive a response.
Convergence attempted to open negotiations with the attacker, who drained the protocol of $212,000, stating that it would "move to a new step" if it did not receive a response.

According to Aug. 6 blockchain data, the Convergence Finance team has sent a congratulations message to the attacker who drained its protocol of $212,000. It has also attempted to open negotiations for the return of some of the funds, claiming that “[w]e believe you acted as a white hat.”

A transaction posted to the Ethereum network at 12:56 pm UTC provided a message from the Convergence team to the attacker. “Hey, Convergence Finance would like to discuss with you about the bug you found and successfully exploited on August 1st,” it began. “Congratulations on identifying it,” it continued, adding that “[w]e believe you acted as a white hat, and we would like to discuss with you about the funds ( 65.8 ETH) that you took and sent [through] TornadoCash.”

The message provided a contact email and Ethereum address where funds could be returned. It also warned that if no response is received within 48 hours, “we’ll move to a new step.”

Convergence Finance message to attacker. Source: Etherscan.

Convergence Finance is a decentralized finance protocol integrated with Stake DAO and Convex. It attempts to boost the yields from these protocols by pooling investors’ funds together into a common treasury and issuing its own token, “CVG,” which represents ownership of this treasury.

On Aug. 2, Convergence was attacked when a person exploited a vulnerability in the CvxRewardDistributor to mint 58 million CVG tokens. These tokens were sold for $210,000, crashing the price of CVG by over 99% in the process. The attacker also drained $2,000 of unclaimed rewards from Convex that were owned by Convergence users. The drained crypto loot was deposited into the crypto mixing protocol Tornado Cash in an apparent attempt to launder the funds.

Related: DeFi protocol removed an important line of code that led to a $212K hack

Web3 exploits continue to pose risks to crypto users. In July, more than $266 million of cryptocurrency was lost through exploits, according to a report from PeckShield. Indian crypto exchange WazirX was the largest attack of the month, resulting in over $230 million of losses.

Magazine: Backlash as WazirX ‘socializes’ $235M loss, $10B metaverse plan for shut-ins: Asia Express