Search Inside Bitcoins

CoW Swap Dex Hacked – All You Need To Know

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

cow swap hack
cow swap hack

Join Our Telegram channel to stay up to date on breaking news coverage

A hacker stole over $180,000 worth of cryptocurrency from the decentralized exchange, CoW Swap, in the latest DeFi exploit. The attacker targeted a smart contract in CoW Swap’s “solver competition” and drained a settlement contract holding seven days’ worth of protocol fees. The theft was confirmed by CoW Swap, but the team assured that neither the protocol nor its users suffered any loss. How exactly did the CoW Swap hack happen?

CoW Swap stated that no cryptocurrencies were stolen from the protocol or its users and that the solver’s bond would cover the damages, meaning the protocol didn’t suffer any direct loss from the exploit.

“Last night, a hacker exploited an external solver and used it to drain the settlement contract, which held 7 days worth of protocol fees. Users are not affected since we never hold user funds (!) Neither Cow Swap is affected: The solver’s bond will pay for all damages,” Tweeted CoW Swap on February 7.

How the CoW Swap Happened

The attack, which was detected by blockchain investigator MevRefund saw the hacker exploit an external solver to drain the settlement contract containing the protocol fees, worth roughly $180,000.

CoW Swap revealed that an external solver was utilized by the hacker to empty crypto out their settlement contract, which held seven days’ worth of protocol charges. Nansen’s blockchain analysis firm calculated that approximately $180,000 had been stolen and placed into two wallets with $123,000 DAI, $50,00 BNB, and a further $7,400 ETH.

CoW Swap engages in a “solver competition” where external parties compete for the best execution route for their users. The hacker entered the competition ten days ago and exploited the smart contract, allowing for transfers from the settlement contract.

The attacker then triggered the DEX GPv2Settlement contract to transfer DAI from the GPv2Settlement contract. CoW Swap stated that the approvals for the bad contract have been revoked.

Later in the day on February 7, CoW Swap sent out an update on the CoW Swap hack, saying, “The barter solver who got hacked today already refunded the losses it caused, and that the next steps were for the CoW DAO “to decide on the slashing process and to judge whether the Barter Solver can be re-added to the solver competition.”

 

 

Join Our Telegram channel to stay up to date on breaking news coverage

Read next