Convex: more info on the hack

By Martina Canzani - 24 Jun 2022


It all began last night, around 8 PM (GMT), on Convex Finance.

The hack that occurred to the detriment of the DeFi Convex Finance platform

The report came from Twitter, from a core team member of PieDAO, a well-known DeFi project dealing with tokenized funds.

During a transaction, the user noticed that the Convex website was leading him to use an unverified contract, which later turned out to be malicious.

This immediately set off the reporting tweet to alert the protocol team in question and try to shed light on the issue.

The contract was particularly suspicious because it was unverified, had been created only recently, and its first four and last four characters matched those of the genuine contract address.

This is a reminder that in order not to take risks, it is absolutely necessary to verify the entire address, every single letter, not just the beginning and the end.

It is worth remembering the importance of this step, before approving a transaction, since the most dangerous attacks are precisely those that use vanity addresses, i.e., addresses that look very similar to the real ones but are actually scams in their own right.

This is an attack that exploits people’s lack of caution!

The response of the Convex team together with important auditors from the crypto scene

The report immediately attracted the attention of a number of prominent security researchers, including the well-known SamCzsun.

The Convex team and auditors thus began investigating the source and extent of the problem.

Convex quickly reassured the community by explaining that the official protocol contracts were not in jeopardy, but that the issue affected only those addresses that had mistakenly approved that contract. The addresses fortunately turned out to be only five.

The first report triggered a series of checks that led to the tracing of at least 10 more malicious contracts like that one.

At the time of writing, the tally of what the hacker managed to steal is about 220 ETH.

Ribbon Finance appears to have suffered the same attack.

Analysis is still ongoing. Unfortunately, it appears that the hacker had targeted not only the Convex platform, but also Ribbon Finance.

Simple steps to minimize the possibility of being hacked

  • Use a hardware wallet and ideally have a PC only to manage your crypto positions;
  • Try to interact only with protocols that have proven to be trusted over time;
  • Use all tools intentionally, having first understood and learned how they work;
  • Having a technical background, and avoiding using DeFi products on autopilot, is perhaps one of the most powerful weapons we all have at our disposal.

DeFi offers incredible opportunities, but by its nature it requires its users to be aware of what they are doing in this world. We must remember that everyone is responsible for their own money: “Be smart, know what you are doing.”

Approving a contract is one of the most dangerous things so it is necessary for the user to do the proper checks before finalizing the transaction.

It is wise, in fact a must, to check the official documentation of the protocol you are using.

If a contract is not verified and has only been created a few days ago it is generally a bad sign, a big red flag.
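The checks described above (compare the whole address, not just its ends; treat a spender you did not find in the official documentation as a red flag; be wary of unlimited approvals) can be done offline on the calldata a wallet shows before signing. The following is an added example, not code from the article, from Convex or from any wallet: it decodes an ERC-20 `approve(address,uint256)` call, compares the spender character by character against an allowlist that stands in for addresses copied from the protocol's documentation, and separately flags lookalikes whose first and last four hex characters match a documented address. All addresses and calldata in it are constructed for illustration.

```python
"""
Offline review of an ERC-20 approve() transaction before it is signed.
Added example; addresses and calldata are constructed, not real.
"""

# Function selector of approve(address,uint256): first 4 bytes of
# keccak256("approve(address,uint256)"). Well-known constant.
APPROVE_SELECTOR = "095ea7b3"

# Hypothetical allowlist standing in for addresses copied in full from the
# protocol's official documentation (constructed values).
OFFICIAL_SPENDERS = {
    "0xabcd000000000000000000000000000000001234",
}

UNLIMITED = 2**256 - 1


def normalize(addr: str) -> str:
    """Return the address as lower-case, 0x-prefixed, 40 hex characters."""
    a = addr.lower()
    if a.startswith("0x"):
        a = a[2:]
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr}")
    return "0x" + a


def encode_approve(spender: str, amount: int) -> str:
    """Build approve(spender, amount) calldata (used here to construct samples)."""
    word_addr = normalize(spender)[2:].rjust(64, "0")  # address left-padded to 32 bytes
    word_amt = "%064x" % amount
    return "0x" + APPROVE_SELECTOR + word_addr + word_amt


def decode_approve(calldata: str) -> tuple:
    """Return (spender, amount) from approve(address,uint256) calldata."""
    data = calldata[2:] if calldata.startswith("0x") else calldata
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length for approve")
    if data[:8].lower() != APPROVE_SELECTOR:
        raise ValueError("calldata is not an approve(address,uint256) call")
    spender = "0x" + data[8 + 24:8 + 64].lower()  # last 20 bytes of the first word
    amount = int(data[72:136], 16)                # second word, big-endian uint256
    return spender, amount


def classify_spender(spender: str, allowlist=OFFICIAL_SPENDERS) -> str:
    """
    'official'  : full-address match with a documented spender
    'lookalike' : differs, but first and last 4 hex chars match a documented one
    'unknown'   : no relation to any documented address
    """
    s = normalize(spender)
    official = {normalize(a) for a in allowlist}
    if s in official:
        return "official"
    for o in official:
        if s[:6] == o[:6] and s[-4:] == o[-4:]:
            return "lookalike"
    return "unknown"


def review_approval(calldata: str, allowlist=OFFICIAL_SPENDERS) -> dict:
    """Decode the call and summarise what a user should look at before signing."""
    spender, amount = decode_approve(calldata)
    return {
        "spender": spender,
        "amount": amount,
        "unlimited": amount == UNLIMITED,
        "verdict": classify_spender(spender, allowlist),
    }


# Constructed sample transactions: one to the documented spender, one to a
# lookalike that shares the first and last four characters but nothing else.
OFFICIAL_CALLDATA = encode_approve("0xabcd000000000000000000000000000000001234", 1000)
LOOKALIKE_CALLDATA = encode_approve("0xabcd111111111111111111111111111111111234", UNLIMITED)

if __name__ == "__main__":
    for name, cd in (("official", OFFICIAL_CALLDATA), ("lookalike", LOOKALIKE_CALLDATA)):
        print(name, review_approval(cd))
```

The lookalike sample yields the verdict `lookalike` together with `unlimited: True`, which is exactly the combination a user should refuse to sign; a spender that matches no documented address at all comes back as `unknown`, which on its own is the "unverified, recently created" red flag the article describes.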

Alexintosh, the user who started this cascade of reports, concludes the interview by saying:

“One has to understand that DeFi is a PvP world (Player vs Player) and therefore it is necessary to study how best to protect oneself from other users, from potential hackers in the system”.

Martina Canzani

Graduated in Law at the University of Milan. After completing her academic studies, she became interested in the world of blockchain, finding it a powerful tool for redemption. Her passion then turned into a job, and now she invests in early-stage projects in decentralised finance and DAO and writes articles on all the news concerning the crypto world.
