The attacker created (minted) 58 million of the protocol’s CVG token using a vulnerability in the protocol’s codebase, and swapped the tokens for 60 wrapped ether (wETH) and 15,900 crvFRAX stablecoin using liquidity pools on Curve, web3 security auditing firm QuillAudits said.