CoW Swap Loses $180K Worth Of Crypto In A Major Hack
A DEX aggregator named CoW Swap has recently been exploited. The hacker has drained more than $180,000 worth of funds. As per the reports, a minimum amount of $123k in DAI, $7,400 worth in ETH tokens, and $50k in BNB tokens were recently being exploited on CoW Swap. PeckShield Inc. (a blockchain security firm) disclosed the news on its official Twitter account.
CoW Swap Gets Exploited with a Drainage of $180,000
The exploiter appears to have utilized the GPv2Settlemetn contract of CowSwap. Ten days back, the hacker tricked GPv2Settlement into authorizing SwapGuard to carry out DAI spending. SwapGuard is a 2nd contract that CoW Swap utilizes for assisting and validating swap results. With the successful approval, the exploiter remained successful in carrying out the malicious operations.
A spokesperson from BlockSec (another blockchain security platform) stated that the SwapGuard contract has a function through which the funds can be transferred to any other address. In this way, SwapGuard was triggered to transact DAI tokens from GPv2Settlement. With the SwapGuard operation, anyone can have permission to perform arbitrary operation calls.
At present, the exploited amount is more than $180,000. It is reported that the hacker was active a few hours back. As per the reports, the others are utilizing the same exploit to take away the remaining funds. As mentioned by the team of CoW Swap, the exploited settlement contract just provides access just to the fees gathered by the platform in one week.
In the words of the team, the exploiter remained unsuccessful in directly accessing the consumer funds. It added that a security breach was experienced by it following the exploitation of a solver account by the hacker. A solver account is a participant devoted to offering the finest trade prices to consumers.
This exploit turns out to be another event orchestrated by hackers in the world of decentralized finance (DeFi). The DeFi market witnessed the exploitation of billions in the previous year. In addition to this, the year 2023 has in advance seen many such incidents. CoW Swap is considered to be a very unique DEX aggregator that utilizes the “Coincidence of Wants” as included in its method of executing and matching orders.
It makes the combination of both the off-chain and on-chain transfers for the execution of the orders. One of the chief objectives of CoW Swap is to offer the best prices to clients across the platform. CoW Swap is unique in comparison with the rest of the DEXs as its consumers do not need to perform trades on their own. Rather, customers ink a trade contract for the exchange of 2 tokens at a certain price.
The company got a lot of attention among headlines in the year 2022 when it released an airdrop comprising its COW tokens. The linked Gnosis chain as well as its GNO token additionally leveraged the respective airdrop. As a result of this, an upsurge of more than 50% was experienced by the GNO token following the declaration.
CoW Swap’s Team Says the User Funds Are Secure
In reaction to the current exploit, CoW Swap instantly revoked the entirety of approvals for the impacted contract. The team additionally asserted that the funds of the consumers were secure. Those who reported the event advised that the consumers should not utilize the platform till the matter gets resolved.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at [email protected] if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. CreditInsightHubs is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.