Initial Disclosure — On June 23, 2022, @alexintosh on Twitter reported some abnormal activity on the Convex Finance website. Suspicious contract approvals were suspected. Shortly after this, @samczsun sent a direct-message to the Convex Twitter account with the same suspicions. Convex Twitter issued this initial warning tweet as a result of the two similar notifications. Summary of Attack After some initial investigation, it was confirmed that the DNS of www.convexfinance.com had been hijacked, taking users to a copy of the website containing malicious contracts. The attack replaced web elements that interact with smart-contracts across varying portions of the site to new contracts under the…