DEX aggregator CoW Swap suffers $180K in losses in ‘solver’ exploit


Key Takeaways:

  • The hacker successfully transferred about 551 BNB, worth about $181,600 at the time of writing, from CoW Swap into Tornado Cash.
  • CoW Swap’s settlement smart contract was targeted by a hacker who transferred funds out of the platform.

In a recent attack, the decentralized exchange (DEX) protocol CoW Swap lost at least 550 BNB due to a contract exploit that permitted fund transfers from the platform.

MevRefund, a blockchain surveyor, spotted the incident and noticed that funds appeared to be leaving CoW Swap. The maximal extractable value (MEV) searcher alerted the DEX and its users to the attack in a discussion on Twitter.

According to BlockSec, a company that audits smart contracts, a multisig added a wallet address as a “solver” of CoW Swap. That address then triggered a transaction granting SwapGuard a DAI approval, which caused SwapGuard to transfer DAI from the CoW Swap settlement contract to other addresses.

According to blockchain security company PeckShield, 551 BNB were lost, valued at $181,600 at the time of writing. After taking the assets, the hacker sent the funds to the notorious cryptocurrency mixer Tornado Cash.

Unlike conventional decentralized exchanges, CoW Swap does not require users to execute trades themselves. Instead, users agree to trade two tokens at a set price by signing a trade agreement, which is then passed to outside “solvers.” The settlement contract, which typically holds the fees collected over one week before they are used to reward solvers, is accessible to each solver.

In response to the breach, CoW Swap promptly revoked all authorization for the compromised contract and moved to a new contract without the ability to execute arbitrary code. Because CoW Swap does not hold user funds, the company further assured users that their money was never in danger. The solver’s bond will cover all incurred damages. The DEX team released a formal Twitter announcement outlining their comprehensive review of what transpired.
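The condition BlockSec describes, a token approval granted by the settlement contract to an unexpected spender, is something a monitor can watch for. The sketch below is an added example, not code from the article or from CoW Swap: it scans `eth_getLogs`-style entries for ERC-20 `Approval` events, and every address, the allowlist and the log entries are constructed placeholders.

```python
# ERC-20 signature hash: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed placeholder addresses, not real on-chain values.
SETTLEMENT = "0x" + "11" * 20        # contract whose approvals we watch
KNOWN_SPENDER = "0x" + "22" * 20     # spender the operator expects
UNKNOWN_SPENDER = "0x" + "33" * 20   # spender nobody allowlisted
TOKEN = "0x" + "aa" * 20             # ERC-20 token emitting the events

def topic_to_address(topic):
    """Indexed address topics are 32 bytes; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def address_to_topic(address):
    """Left-pad a 20-byte address to the 32-byte topic form."""
    return "0x" + "00" * 12 + address[2:].lower()

def find_unexpected_approvals(logs, owner, allowed_spenders):
    """Return non-zero approvals granted by `owner` to spenders outside the allowlist."""
    allowed = {a.lower() for a in allowed_spenders}
    findings = []
    for log in logs:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval event
        if topic_to_address(topics[1]) != owner.lower():
            continue  # approval granted by some other owner
        spender, value = topic_to_address(topics[2]), int(log["data"], 16)
        if value == 0 or spender in allowed:
            continue  # a revocation, or an expected spender
        findings.append({"token": log["address"], "spender": spender,
                         "value": value, "tx": log["transactionHash"]})
    return findings

def approval_log(owner, spender, value, tx):
    """Build a constructed log entry in eth_getLogs format."""
    return {"address": TOKEN, "transactionHash": tx, "data": "0x%064x" % value,
            "topics": [APPROVAL_TOPIC, address_to_topic(owner), address_to_topic(spender)]}

SAMPLE_LOGS = [  # constructed sample data
    approval_log(SETTLEMENT, KNOWN_SPENDER, 10**18, "0x01"),
    approval_log(SETTLEMENT, UNKNOWN_SPENDER, 2**256 - 1, "0x02"),  # should alert
    approval_log(SETTLEMENT, UNKNOWN_SPENDER, 0, "0x03"),           # revocation
    approval_log(KNOWN_SPENDER, UNKNOWN_SPENDER, 5, "0x04"),        # different owner
]
```

Calling `find_unexpected_approvals(SAMPLE_LOGS, SETTLEMENT, {KNOWN_SPENDER})` flags only the unlimited approval in transaction `0x02`.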

According to research from DappRadar, the DeFi space has had a successful start in 2023 despite the hacks surrounding it. Data indicated that protocols’ overall value locked in January increased significantly.

In related news, the UN said that compared to previous years, North Korean hackers stole more cryptocurrency in 2022. According to the research, hackers with North Korean ties stole between $630 million and $1 billion worth of cryptocurrency last year.
