DeFi Hack on CoW Swap

• A hacker exploited a smart contract in the „solvers competition“ of CoW Swap and stole over $180,000 worth of crypto.
• The exploit did not affect the users or protocol funds as the solver’s bond would pay for all damage.
• The hacker exploited an external solver to drain the settlement contract which held seven days‘ worth of protocol fees.

Overview

CoW Swap, a decentralized exchange (DEX), has become the latest victim of a DeFi exploit after a hacker managed to steal over $180,000 worth of crypto. Despite the exploit, neither the protocol nor its users suffered any losses as the solver’s bond is set to pay for all damages incurred during the attack.

Exploit Details

The exploit was first spotted by MevRefund and confirmed by CoW Swap’s team. According to Nansen, blockchain analytical firm, the exploiter consolidated their stolen funds into two wallets containing $123,000 DAI, $50,000 BNB and $7,400 ETH. The attack happened through an external solver which entered CoW Swap’s “solver competition” 10 days prior to exploit. The hacker then tricked the DEX GPv2Settlement contract to approve SwapGuard for DAI spending and triggered it to transfer from said contract.

Protocol Security Measures

Despite losing over $180K in crypto assets as a result of this attack, CoW Swap maintained that none of its user funds were affected due to their policy of never holding user funds on-platform. Additionally, they stated that no funds were stolen from their protocol either due to the fact that their solver’s bond will be paying for all damages done during this attack.

Conclusion

This recent attack on CoW Swap serves as yet another reminder about why proper security measures are essential when dealing with cryptocurrencies and other digital assets – even when using trusted exchanges such as DEXs like CoWSwap. As long as protocols remain vigilant with their security procedures and investors take extra precaution when handling digital assets, DeFi hacks can still be avoided in future operations.