The decentralized exchange (DEX) protocol CoW Swap recently suffered an attack; he lost at least 550 BNB (BNB) in a contract exploit that approved protocol fund transfers.
Blockchain pollster MevRefund flagged the event, noting that funds seemed to be moving away from the CoW Swap. The maximum extractable value (MEV) finder warned the DEX and its users of the exploit in a Twitter thread.
@CoWSwap your funds appear to be moooving away …https://t.co/li1NkXNeUp
— MevRefund (@MevRefund) February 7, 2023
@CoWSwap funds seem to be moving…
According to smart contract auditing company BlockSec, a wallet address was added as a CoW Swap “solver” by a multisig. The address then invoked the transaction to approve DAI (DAI) to SwapGuard, which prompted SwapGuard to transfer DAI from the CoW Swap settlement contract to other addresses.
Blockchain security company PeckShield estimated that around 551 BNB were lost, valued at $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous Tornado Cash cryptocurrency mixer.
During the attack, some community members they panicked and urged users to revoke DEX approvals. However, the decentralized finance (DeFi) protocol said this is not necessary.
We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week.
We have mitigated the issue and are conducting an investigation.
Traders are in no way affected.
More details to follow.
— CoW Swap | Better than the best prices (@CoWSwap) February 7, 2023
We are aware of an issue that has affected the fees that the CdW Protocol has collected over the past week. We have mitigated the issue and are conducting an investigation. Traders will not be affected. More details shortly.
According to CoW Swap, the exploited settlement contract only has access to the fees that the protocol collected in a week. The team said that it cannot access users’ funds without an order signed directly by the users. The DEX teamexplained his complete analysis of what happened in an official announcement on Twitter. CoW Swap also told Cointelegraph that “user funds are not at risk, and never have been.”
Meanwhile, despite the hacks surrounding DeFi, the space is off to a prolific start in 2023, according to a report from DappRadar. The data showed that the protocols experienced significant growth in their total value locked in the month of January.
In other news, The United Nations also reported that North Korean hackers stole more cryptocurrencies in 2022 compared to other years. The report estimates that hackers linked to North Korea were responsible for around $630 million to $1 billion in stolen crypto assets last year.
Clarification: This article has been updated with feedback from CoW Swap and the official announcement from Twitter.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.