- CoW Swap is the victim of the latest DeFi exploit, with the hacker stealing over $180,000 worth of crypto.
- The hacker exploited a smart contract in the “solvers competition” of CoW Swap.
- Despite the exploit, CoW Swap says neither the protocol nor its users suffered any loss.
CoW Swap, a decentralized exchange (DEX), has become the latest DeFi protocol to be exploited after a hacker drained a settlement contract containing its protocol fees, looting over $180,000 worth of crypto.
CoW Swap Suffers DeFi Exploit
Trong cuộc tấn công không bao giờ kết thúc vào giao thức DeFi, CoW Swap đã trở thành nạn nhân mới nhất. Việc khai thác xảy ra ngày hôm qua lần đầu tiên được phát hiện bởi MevRefund giám sát trên chuỗi và được xác nhận bởi nhóm CoW Swap.
Theo CoW Swap, hacker đã khai thác “một người giải quyết bên ngoài và sử dụng nó để tiêu hao hợp đồng thanh toán, vốn nắm giữ 7 ngày phí giao thức”.
Công ty phân tích blockchain Nansen báo cáo rằng kẻ khai thác đã đánh cắp khoảng $180.000. Theo báo cáo, hacker hợp nhất các quỹ thành hai ví chứa 123.000 USD DAI, 50.000 USD BNB, và 7.400 USD ETH.
Hoán đổi CoW không bị mất mát
Although CoW Swap confirmed the exploit, the team noted that none of its users were affected. The team also noted that no funds were stolen from the protocol during the exploit.
While over $180,000 was confirmed stolen, the CoW Swap team explained that the solver’s bond would pay for all damages. This means that the protocol did not suffer any direct loss from the exploit. The team tweeted:
Last night, a hacker exploited an external solver and used it to drain the settlement contract, which held 7 days worth of protocol fees.
Users are not affected since we never hold user funds (!)
Neither Cow Swap is affected: The solver’s bond will pay for all damages.
A 🧵👇
— CoW Swap | Better than the best prices (@CoWSwap) February 7, 2023
function lazyTwitter(){var i=function(t){if(!t)return;var n=t.getBoundingClientRect();return 2500>n.top||-2500>n.top};if(!i(document.querySelector(“.twitter-tweet”)))return;var s=document.createElement(“script”);s.onload=function(){};s.src=”//platform.twitter.com/widgets.js”;document.head.appendChild(s);document.removeEventListener(“scroll”,lazyTwitter);document.removeEventListener(“touchstart”,lazyTwitter);console.log(“load twitter widget”)}document.addEventListener(“scroll”,lazyTwitter);document.addEventListener(“touchstart”,lazyTwitter);lazyTwitter()
CoW Swap bị khai thác như thế nào?
CoW Swap engages in a so-called “solver competition” where external parties compete to find the best execution route for their users. The team said the exploiter entered the competition ten days ago.
The exploiter hacked the smart contract to allow anyone to transfer from the settlement contract. They then tricked the DEX GPv2Settlement contract to approve SwapGuard for DAI spending.
The hacker would return to trigger SwapGuard to transfer the DAI from the GPv2Settlement contract. During the attack, community members urged users to revoke approvals from the DEX. Cow Swap responded that it wasn’t necessary.
No losses were recorded because CoW Swap is protected from solver exploits by the solver bonding pools. CoW Swap also adds that all the approvals for the bad contract have been revoked, adding that no more malicious actions were possible.
Trên Flipside
- MevRefund has also reported that others have been using the same technique to try and steal the funds remaining in the pool.
Tại sao bạn nên quan tâm
The more sophisticated framework of CoW Swap kept it from being the latest to suffer a loss after being exploited by hackers.
Find more recent DeFi hacks below:
Lending Protocol BonqDAO Loses $120 Million to Hackers
You may also be interested in:
Ways Blockchain Can Be Hacked
