CoW Swap hacker milks over 550 BNB using 'solver' exploit

Published at: Feb. 7, 2023

Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB (BNB) in a contract exploit that approved fund transfers from the protocol.

Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap. The MEV searcher warned the DEX and its users of the exploit in a Twitter thread.

@CoWSwap your funds appear to be moooving away ...https://t.co/li1NkXNeUp

— MevRefund (@MevRefund) February 7, 2023

According to the Smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap by a multisig. Then, the address invoked the transaction to approve DAI (DAI) to SwapGuard, which then led to SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.

Blockchain security firm PeckShield estimated that around 551 BNB was lost, worth $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash.

During the attack, some members of the community panicked and urged users to revoke approvals from the DEX. However, the decentralized finance (DeFi) protocol said that this isn’t necessary.

We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week. We have mitigated the issue and are conducting an investigation. Traders are in no way affected. More details to follow.

— CoW Swap | Better than the best prices (@CoWSwap) February 7, 2023

According to CoW Swap, the settlement contract which was exploited only has access to the fees that the protocol collected in a week. The team said that it is unable to directly access user funds without an order signed by users.

CoW Swap has not yet responded to Cointelegraph's request for comment.

Related: Scam alert: MetaMask warns crypto users about address poisoning

Meanwhile, despite the hacks that surround DeFi, the space has had a prolific start in 2023 according to a report from DappRadar. Data showed that protocols saw significant growth in their total value locked in the month of January.

In other news, the United Nations also reported that North Korean hackers have stolen more crypto in 2022 compared to other years. The report estimates that hackers linked to North Korea were responsible for around $630 million to $1 billion in stolen crypto assets last year.

Tags

Defi

Hacks

Hackers

Dex

Related Posts

Maiar decentralized crypto exchange goes offline after bug discovery

The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD). Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange. Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented. In a Twitter thread posted almost 24 hours …

Altcoin / June 7, 2022

BSC's Impossible Finance raises $7M for multi-chain DeFi incubator

Impossible Finance, a Defi protocol built on Binance Smart Chain, has completed a $7 million seed funding round backed by over 125 institutional and angel investors — with the funds going towards the development of a multi chain DeFi incubator. The seed round was led by venture capital firm True Ventures, and quantitative investment firm Alameda Research, blockchain development firm Hashed and investment firm CMS Holdings. Impossible Finance was launched on BSC on April 9, and the protocol currently offers DeFi investors token swaps, liquidity pools, and staking rewards through the Impossible Finance (IF) token The new funding will go …

Business / June 4, 2021

Ankr says ex-employee caused $5M exploit, vows to improve security

A $5 million hack of Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team. The ex-employee conducted a “supply chain attack” by putting malicious code into a package of future updates to the team’s internal software. Once this software was updated, the malicious code created a security vulnerability that allowed the attacker to steal the team’s deployer key from the company’s server. After Action Report: Our Findings From the aBNBc Token Exploit We just released a new blog post that goes in-depth about this: https://t.co/fyagjhODNG A pic.twitter.com/d6psUbpxNY …

Defi / Dec. 21, 2022

Raydium announces details of hack, proposes compensation for victims

The team behind the Raydium decentralized exchange (DEX) has announced details as to how the hack of Dec. 16 occurred and offered a proposal to compensate victims. According to an official forum post from the team, the hacker was able to make off with over $2 million in crypto loot by exploiting a vulnerability in the DEX’s smart contracts that allowed entire liquidity pools to be withdrawn by admins, despite existing protections being to prevent such behavior. The team will use its own unlocked tokens to compensate victims who lost Raydium tokens, also known as RAY. However, the developer does …

Defi / Dec. 21, 2022

Crypto exploit losses in January see nearly 93% year-on-year decline

Aside from the bullish crypto market rally in January, there’s been more positive industry news as the month saw a decline in losses from exploits compared to the same time last year. According to data from blockchain security firm PeckShield on Jan. 31, there were $8.8 million in losses from crypto exploits in January. There were 24 exploits over the month, with $2.6 million worth of crypto being sent to mixers such as Tornado Cash. The breakdown of assets sent to mixers includes 1,200 Ether (ETH) and around 2,668 BNB (BNB). The January figures are 92.7% lower than the $121.4 …

Defi / Feb. 1, 2023