CoW Swap said it suffered no loss – despite $166k exploit

Decentralized exchange (DEX) protocol CoW Swap confirmed that it was exploited for $166,000 by a hacker who drained a settlement contract containing its protocol fees.

Meanwhile, blockchain analytics firm Nansen reported that the exploiter stole roughly $180,000. The funds were consolidated in two wallets containing at least $123,000 DAI, $50,000 BNB and $7,400 ETH.

The exploit was first spotted by blockchain surveyor MevRefund.

CoW Swap details exploit

The decentralized exchange said an external party that had access to its settlement contract had set approval to a “bad contract” 10 days ago.

The hacker exploited this approval because the bad contract allowed anyone to transfer from the settlement contract.

Blockchain security firm PeckShield corroborated CoW Swap’s explanation. The DEX’s GPv2Settlement contract was tricked ten days ago into approving SwapGuard for DAI spending, according to the firm.

The exploiter later triggered SwapGuard to transfer the DAI from the GPv2Settlement contract. Through this compromise, anyone could issue an arbitrary call on the contract.
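The approval sat on-chain for ten days before it was used, which is a window in which monitoring could have flagged it. The sketch below is an added example, not code from CoW Swap or from any firm named in the article. It replays ERC-20 `Approval` event logs and reports non-zero allowances that a watched contract has granted to spenders outside an allowlist. All addresses, the allowlist and the sample logs are constructed placeholders.

```python
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed placeholder addresses, not the real contracts named in the article
SETTLEMENT = "0x" + "11" * 20        # contract whose approvals are watched
TOKEN = "0x" + "aa" * 20             # an ERC-20 token
KNOWN_SPENDER = "0x" + "22" * 20     # on the hypothetical allowlist
UNKNOWN_SPENDER = "0x" + "33" * 20   # not on the allowlist
OTHER_OWNER = "0x" + "44" * 20       # unrelated account, should be ignored
ALLOWED_SPENDERS = {KNOWN_SPENDER}

def topic_to_address(topic):
    """Indexed address topics are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def unexpected_allowances(logs, owner, allowed):
    """Replay logs in chain order; return {(token, spender): allowance} for
    live non-zero allowances from `owner` to spenders not in `allowed`."""
    live = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; keep ERC-20 only
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        spender = topic_to_address(topics[2])
        key = (log["address"].lower(), spender)
        value = int(log["data"], 16)
        if value == 0:
            live.pop(key, None)      # approval revoked
        elif spender not in allowed:
            live[key] = value        # standing approval to an unknown spender
    return live

def make_log(block, owner, spender, value):
    """Build a constructed log entry in the shape eth_getLogs returns."""
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value)}

SAMPLE_LOGS = [  # constructed sample data
    make_log(100, SETTLEMENT, KNOWN_SPENDER, 10**18),
    make_log(101, SETTLEMENT, UNKNOWN_SPENDER, 2**256 - 1),
    make_log(102, OTHER_OWNER, UNKNOWN_SPENDER, 5),
]

if __name__ == "__main__":
    hits = unexpected_allowances(SAMPLE_LOGS, SETTLEMENT, ALLOWED_SPENDERS)
    for (token, spender), value in hits.items():
        print(f"ALERT token={token} spender={spender} allowance={value}")
```

Event replay is an approximation, since spending can reduce an allowance without a new `Approval` event; confirm any hit with the token's `allowance(owner, spender)` call before acting on it.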

CoW Swap said it suffered no loss

Despite the $166,000 exploit, CoW Swap said it is not suffering any losses as its solver’s bond will pay for all damages.

“Potential damages are capped at the weekly revenue of the protocol + are protected by the solver bonding pools.”

The DEX added that none of its users’ funds were impacted because it does not hold their funds.

The protocol said all the approvals for the bad contract had been revoked, adding that no more malicious actions were possible.

Users do not need to revoke approvals because the hacker “cannot access user funds directly without providing an order signed by the user and giving them at least their limit-buy amount in return,” CoW Swap added.
