CoW Swap hacker milks over 550 BNB using ‘solver’ exploit
Time Stamp: February 7, 2023
3:17 AM
Source Node: 2390876
Republished By Plato
Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB (BNB) in a contract exploit that approved fund transfers from the protocol.
Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap. The maximal extractable value (MEV) searcher warned the DEX and its users of the exploit in a Twitter thread.
According to the smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap by a multisig. Then, the address invoked the transaction to approve DAI (DAI) to SwapGuard, which led to SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.
Blockchain security firm PeckShield estimated that around 551 BNB was lost, worth $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash.
During the attack, some community members panicked and urged users to revoke approvals from the DEX. However, the decentralized finance (DeFi) protocol said this isn’t necessary.
We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week.
We have mitigated the issue and are conducting an investigation.
Traders are in no way affected.
More details to follow.
— CoW Swap | Better than the best prices (@CoWSwap) February 7, 2023
According to CoW Swap, the exploited settlement contract only has access to the fees that the protocol collected in a week. The team said that it is unable to access user funds without an order signed by users directly.
CoW Swap has not yet responded to Cointelegraph’s request for comment.
Meanwhile, despite the hacks surrounding DeFi, the space has had a prolific start in 2023, according to a report from DappRadar. Data showed that protocols saw significant growth in their total value locked in the month of January.
In other news, the United Nations also reported that North Korean hackers stole more crypto in 2022 compared with other years. The report estimates that hackers linked to North Korea were responsible for around $630 million to $1 billion in stolen crypto assets last year.
CoW Swap hacker milks over 550 BNB using ‘solver’ exploit
Republished By Plato
Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB (BNB) in a contract exploit that approved fund transfers from the protocol.
Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap. The maximal extractable value (MEV) searcher warned the DEX and its users of the exploit in a Twitter thread.
According to the smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap by a multisig. Then, the address invoked the transaction to approve DAI (DAI) to SwapGuard, which led to SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.
Blockchain security firm PeckShield estimated that around 551 BNB was lost, worth $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash.
During the attack, some community members panicked and urged users to revoke approvals from the DEX. However, the decentralized finance (DeFi) protocol said this isn’t necessary.
According to CoW Swap, the exploited settlement contract only has access to the fees that the protocol collected in a week. The team said that it is unable to access user funds without an order signed by users directly.
CoW Swap has not yet responded to Cointelegraph’s request for comment.
Related: Scam alert: MetaMask warns crypto users about address poisoning
Meanwhile, despite the hacks surrounding DeFi, the space has had a prolific start in 2023, according to a report from DappRadar. Data showed that protocols saw significant growth in their total value locked in the month of January.
In other news, the United Nations also reported that North Korean hackers stole more crypto in 2022 compared with other years. The report estimates that hackers linked to North Korea were responsible for around $630 million to $1 billion in stolen crypto assets last year.
Cryptocurrency Trader Convicted Of Fraud For $110 Million Exploit Of Mango Markets – CryptoInfoNet
Bitcoin Pioneer Hal Finney Posthumously Wins New Award Named for Him
Leading Cryptocurrency Exchange Bitalplus, Inheriting Trust and Progress
Top Crypto Exchange Binance Converts $1,000,000,000 Secure Asset Fund From Bitcoin and BNB to Stablecoin USDC – The Daily Hodl
Bitwise CIO believes market has not priced in future demand for Bitcoin post-halving
Ethereum Network Generated $370M in Profit in Q1, as ETH Reclaims $3K
The Race Is On to Mint One of the First Bitcoin Runes – Decrypt
Railgun Among Crypto Market Top Gainers: Why Is RAIL 53% Up?
Brazil Leads in Financial Inclusion across Latin America: Records 70% Debit/Credit Card Usage