• CoW Swap, a decentralized exchange (DEX), was the latest victim of a DeFi exploit with the hacker stealing over $180,000 worth of crypto.
• The hacker exploited a smart contract in the “solvers competition” of CoW Swap.
• Despite the exploit, CoW Swap says neither the protocol nor its users suffered any loss, as they did not hold user funds and the solver’s bond will pay for all damages.
Exploit on CoW Swap DEX
CoW Swap, a decentralized exchange (DEX), has become the latest DeFi protocol to be exploited after a hacker drained a settlement contract containing its protocol fees, looting over $180,000 worth of crypto.
Details of Exploit
The exploit, which happened yesterday, was first spotted by the on-chain sleuth MevRefund and confirmed by the CoW Swap team. According to CoW Swap, the hacker exploited “an external solver and used it to drain the settlement contract, which held seven days’ worth of protocol fees.” The blockchain analytics firm Nansen reported that roughly $180,000 was stolen, with the funds consolidated into two wallets containing $123,000 DAI, $50,000 BNB, and $7,400 ETH.
No Losses for Protocol or Users
Despite confirming that the exploit happened in their system, the team noted that none of its users were affected, as they didn’t hold user funds. The team also noted that no funds were stolen from the protocol during this exploit. While over $180k was confirmed stolen, the CoW Swap team explained that the solver’s bond would pay for all damages, meaning no direct loss to the protocol.
How Was It Exploited?
CoW Swap runs a so-called “solver competition” in which external parties compete to find the best execution route for its users’ transactions. The team said the exploiter entered this competition 10 days ago. By exploiting a smart contract, they allowed anyone to transfer from the settlement contract: they tricked the GPv2Settlement contract into approving SwapGuard for DAI spending, then returned to trigger SwapGuard and transfer DAI from the GPv2Settlement contract.
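The step described above, in which the settlement contract is made to approve another contract to spend its DAI, leaves a standard ERC-20 Approval event on chain. The following is an added example (not CoW Swap's code) of a monitor that flags non-zero allowances granted by a watched contract to any spender outside an expected set. All addresses, the allowlist and the simplified log entries are constructed placeholders.

```python
# Added example: flag ERC-20 Approval events in which a watched contract
# grants a non-zero allowance to an unexpected spender. Constructed data only.

# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
SETTLEMENT = "0x" + "11" * 20  # placeholder for the settlement contract
TRUSTED = "0x" + "22" * 20     # placeholder for a spender the operator expects
UNKNOWN = "0x" + "33" * 20     # placeholder for an unexpected spender
TOKEN = "0x" + "aa" * 20       # placeholder token contract

def pad(addr):
    """Left-pad a 20-byte address to a 32-byte indexed topic."""
    return "0x" + "00" * 12 + addr[2:]

def topic_address(topic):
    """Recover the lower-cased address from a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def unexpected_approvals(logs, owner, expected_spenders):
    """Return approvals by `owner` to spenders not in `expected_spenders`."""
    expected = {s.lower() for s in expected_spenders}
    findings = []
    for log in logs:
        topics = log.get("topics", [])
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval(owner, spender, value)
        if topic_address(topics[1]) != owner.lower():
            continue  # allowance granted by some other account
        spender = topic_address(topics[2])
        amount = int(log["data"], 16)
        if amount > 0 and spender not in expected:  # amount 0 is a revocation
            findings.append({"tx": log["tx"], "token": log["address"],
                             "spender": spender, "amount": amount})
    return findings

def approval(tx, owner, spender, amount):
    """Build a simplified, constructed log entry (hypothetical helper)."""
    return {"tx": tx, "address": TOKEN, "data": hex(amount),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)]}

SAMPLE_LOGS = [  # constructed
    approval("0xtx1", SETTLEMENT, TRUSTED, 10**18),     # expected spender
    approval("0xtx2", SETTLEMENT, UNKNOWN, 2**256 - 1),  # flagged
    approval("0xtx3", SETTLEMENT, UNKNOWN, 0),           # revocation, ignored
    approval("0xtx4", UNKNOWN, SETTLEMENT, 5),           # other owner, ignored
]

FINDINGS = unexpected_approvals(SAMPLE_LOGS, SETTLEMENT, {TRUSTED})
print(FINDINGS)
```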
Conclusion
This is another incident highlighting the vulnerabilities present in DeFi protocols and the need for extra security measures, even if these protocols say they are secure. We can only hope that more such incidents don’t occur and that developers continue making sure their protocols remain secure from hackers.