DeFi Hacker Milks Over $180,000 Worth of Crypto from CoW Swap DEX
CoW Swap, a decentralized exchange (DEX), has become the latest DeFi protocol to be exploited after a hacker drained a settlement contract containing its protocol fees, looting over $180,000 worth of crypto. In the never-ending attack on DeFi protocols, CoW Swap has become the latest victim. The exploit which happened yesterday was first spotted by the on-chain sleuth MevRefund and confirmed by the CoW Swap team. According to CoW Swap, the hacker exploited “an external solver and used it to drain the settlement contract, which held seven days’ worth of protocol fees.” The blockchain analytical firm Nansen reported that the exploiter stole roughly $180,000. According to the report, the hacker consolidated the funds into two wallets containing $123,000 DAI, $50,000 BNB, and $7,400 ETH. Although CoW Swap confirmed the exploit, the team noted that none of its users were affected. The team also noted that no funds were stolen from the protocol during the exploit. While over $180,000 was confirmed stolen, the CoW Swap team explained that the solver’s bond would pay for all damages. This means that the protocol did not suffer any direct loss from the exploit. The team tweeted: Last night, a hacker exploited an external solver and used it to drain the settlement contract, which held 7 days worth of protocol fees. CoW Swap engages in a so-called “solver competition” where external parties compete to find the best execution route for their users. The team said the exploiter entered the competition ten days ago. The exploiter hacked the smart contract to allow anyone to transfer from the settlement contract. They then tricked the DEX GPv2Settlement contract to approve SwapGuard for DAI spending. The hacker would return to trigger SwapGuard to transfer the DAI from the GPv2Settlement contract. During the attack, community members urged users to revoke approvals from the DEX. Cow Swap responded that it wasn’t necessary. No losses were recorded because CoW Swap is protected from solver exploits by the solver bonding pools. CoW Swap also adds that all the approvals for the bad contract have been revoked, adding that no more malicious actions were possible. The more sophisticated framework of CoW Swap kept it from being the latest to suffer a loss after being exploited by hackers. Find more recent DeFi hacks below: You may also be interested in:
CoW Swap Suffers DeFi Exploit
CoW Swap Didn’t Suffer Any Loss
Users are not affected since we never hold user funds (!)
Neither Cow Swap is affected: The solver's bond will pay for all damages.
A How Was CoW Swap Exploited?
On the Flipside
Why You Should Care
Lending Protocol BonqDAO Loses $120 Million to Hackers
Ways Blockchain Can Be Hacked
Read more: https://dailycoin.com/defi-hacker-milks-180000-crypto-from-cow-swap-dex/
Text source: DailyCoin.com
