Security firm PeckShield reported that the hacker successfully drained roughly 551 BNB off CoW Swap into Tornado Cash, worth around $181,600 at the time of the attack.
Blockchain Surveyor Detects Funds Moving Away from CoW Swap
The decentralized exchange (DEX) protocol suffered a contract exploit that approved fund transfers from the protocol. Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap.
The MEV searcher warned the DEX and its users of the exploit in a Twitter thread.
Hacker Invokes Transaction to Approve DAI to SwapGuard
According to Smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap by a multisig. The address then invoked the transaction to approve DAI to SwapGuard, leading to SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.
@CoWSwap your funds appear to be moooving away ...https://t.co/li1NkXNeUp
— MevRefund (@MevRefund) February 7, 2023
CoW Swap Lost Around 551 BNB Worth $181,600
PeckShield estimated that around 551 BNB was lost, worth $181,600 at the time of the attack. The hacker moved the stolen assets to the crypto mixer Tornado Cash.
CoW Swap Urges Users Not to Revoke Approvals
During the attack, some members of the community panicked and urged users to revoke approvals from the DEX. However, the decentralized finance (DeFi) protocol said that this isn’t necessary.
We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week.
— CoW Swap | Better than the best prices (@CoWSwap) February 7, 2023
We have mitigated the issue and are conducting an investigation.
Traders are in no way affected.
More details to follow.
Recommended reading: 5 Tips for Beginner Bitcoin Traders
https://youtu.be/XvxyyfYFaHQ