Weekly Crypto Hack Report: From Convergence Finance to Terra’s $5M Loss

The post Weekly Crypto Hack Report: From Convergence Finance to Terra’s $5M Loss appeared first on Coinpedia Fintech News

Dark days for the crypto community as major hacks have unveiled numerous weaknesses in various broad venues. The exploits have not only been costing pretty tangible financial repercussions but have also caused trust deficits in these platforms. Tune in with us as we work and bring them out for you in our week’s hack report!

Convergence Finance Breach

Convergence Finance was hacked, a situation that occurred on 31st July 2024, which made the organization experience a severe security violation. The hackers launched the attack targeting the `claimMultipleStaking` function on the reward distribution contract. This absence of validation enabled the hacker to int and sell 58 million CVG tokens constituting about $210,000. 

Moreover, approximately $2,000 in lost bonuses from Convex were also taken. Said portion, namely staking emissions, was pulled out in full.

Terra Blockchain’s over $5 million Exploit

On the same day, the Terra blockchain was subjected to a major hack attack where hackers were able to violate the third-party IBC hooks, allowing them to steal assets. This let them siphon the cross-chain assets, such as USDC stablecoins and Astroport tokens, totalling $5.28 million.

The Terra team immediately ceased the network to apply a fix to the matter. Still, as Zaki Manian, co-founder of Sommelier Finance, stressed, this vulnerability has been solved in the Cosmos ecosystem in April. However, this vulnerability is not in Terra but the absence of this patch in their June upgrade left the network open.

Metis network Discord Compromise

Another Ethereum Layer 2 network called Metis warned users of a security breach of their Discord server on July 30, 2024. The hacker’s intent involved taking over the full space and using this Discord server with the intention of having the targets click on the links. The team recommended that users do not click on any links, especially ‘airdrop links’ that circulate on the compromised site.

As exact damages failed to be reported, the incident remains a prime example of threats originating in social engineering cases.

From the smart contract exploits to the so-called social engineering attacks; it appears that security measures and timely updates cannot be overemphasized in order to discourage and prevent cyber criminals from stealing users’ assets.

Also Read: WazirX To Dump the Plan Of Socializing Losses Following Heavy Backlash