CoWSwap Loses Over 550 BNB Tokens Through Solver Exploit


The crypto industry has been trying to increase the safety of most crypto assets and protocols using modern technological approaches. However, issues of exploits in the industry are becoming more rampant than before. The bad actors explore diverse methods of hacking crypto tokens. 

A new crypto exploit involving CoWSwap has hit the decentralized finance (DeFi) space. As a result, the decentralized exchange (DEX) lost over 550 BNB tokens through a solver attack. 

CoWSwap Suffered A Smart Contract Hack

The blockchain security firm, PeckShield, was the first to report the exploit on one of CoWSwap’s smart contracts. Subsequently, the DEX has lost approximately 551 BNB tokens worth about $181,600 in the current crypto market prices.

According to its Twitter post, the security company suspected that the fraud on the DEX’s GPv2Settlement contract authorized SwapGuard for DAI spending. Also, it noted a possible vulnerability that might have triggered some fund transfers from the DEX platform. 

Following the first report, MevRefund, a blockchain surveyor, sounded another warning to the decentralized protocol and its users. It noted that the protocol is fast losing funds through transfers from the hacker.

Further, PeckShield revealed that the attacker transferred the crypto tokens to Tornado Cash, the prominent crypto mixer, to conceal the trail.

BlockSec, a smart contract auditing company, gave more details of the exploit on CoWSwap. The auditor pointed out that the DEX received an additional wallet address from multisig as a solver. The address triggered the authorization of the DAI transaction to SwapGuard. Hence, SwapGuard started moving DAI from the CoWSwap settlement contract to other crypto addresses leading to the loss of funds.

This new exploit raised panic among several community members as they advised users of CoWSwap to revoke their approval from the protocol. 

On its part, CoWSwap has reacted to the situation through its official Twitter page calming its customers. It revealed that the exploit affected the fees they collected within the past week, which they stored on the protocol’s settlement contract.

According to the team, the attacker can’t access customers’ funds. It further noted that a user could only lose money when he authorizes an order that includes a limit-buy amount from the potential buyers. Hence, it assured users of the safety of their funds while telling them that they don’t need to revoke approvals.

Crypto Hacks Surge Over The Years

The crypto space has been witnessing an increasing rate of hacks. Notably, the decentralized finance (DeFi) space is the fastest-growing space in the crypto industry due to increased transparency. However, it has suffered more attacks than others.

A recent report from the on-chain analytics firm, Chainalysis revealed that the DeFi protocols had been the primary victims of crypto exploits. In addition, the analytics company noted that crypto hacks in 2022 were the most significant compared to other past years. According to the firm, the crypto space lost about $3.8 billion in 2022.

CoWSwap Loses Over 550 BNB Tokens Through Solver Exploit

Data from Chainalysis further rated DeFi protocols for 82.1% as victims of the cumulative stolen crypto tokens through hacks.

Further, the firm noted that North Korea is associated with the highest crypto hacks as the country has the most extensive record of hacks in 2022 than other years. It reported that North Korea-linked hacks amounted to $1.7 billion in 2022.

Featured image from Pixabay, pixelcreatures chart from TradingView.com