Posted on February 3, 2023 at 3:46 PM
CoW Swap admits to over 550 BNB theft after a contract exploit
CoW Swap, a decentralized exchange, recently fell victim to an exploit. The contract exploit on the DeFi protocol led to the loss of around 550 BNB. It allowed the hacker to approve fund transfers from the protocol without authorization.
CoW Swap exploited for over 550 BNB
MevRefund, a blockchain surveying platform, flagged unauthorized transactions. The blockchain surveyor said that the movement of these funds showed that they were being withdrawn from CoW Swap. The platform also warned the DeFi platform and its users that an exploiter was draining funds from the platform.
The tweet by MevRefund also noted that the transactions showed CoW Swap had given SwapGuard authorization to make arbitrary function calls. The tweet also warned users to refrain from using the DEX until the issue had been resolved.
Another report by BlockSec, a smart contract auditing company, said that a multisig had added a wallet address to the DEX as a “solver”. The wallet address involved in this exploit created a transaction that forced the approval of DAI to SwapGuard. The request prompted SwapGuard to transfer the DAI stablecoin from the CoW Swap DEX settlement contract to other wallet addresses.
According to the PeckShield blockchain security company, around 551 BNB tokens were lost to this exploiter. The stolen BNB tokens are worth more than $181,000 at current prices. After these assets were stolen, the hacker transferred the funds through the crypto mixer Tornado Cash to hide the transaction details.
Given how often exploits have hit the DeFi industry in recent years, news of the exploit triggered panic in the community. During the exploit, some community members urged users to reject any approvals that appeared to originate from the DEX.
CoW Swap responded to the news of this exploit, saying that the community did not have to panic and take drastic measures in response to this exploit. The DEX assured its users that it was investigating the matter but had already mitigated the risks.
“We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week. We have mitigated the issue and are conducting an investigation. Traders are in no way affected. More details to follow,” the company said.
CoW Swap also explained how this exploit might have happened. The DEX said that the exploited settlement contract had access to the fees that the protocol had collected over the past week. The team also added that it could not access user funds without receiving an order signed directly by the users.
The protocol further released a comprehensive analysis of what might have happened. It noted that the protocol runs a “solver competition” in which competing external parties look for the best execution path for users. The solvers can access the settlement contract and the fees.
The DEX also added that solvers are added to the competition after setting up a bonding pool, which the CoW DAO can slash if there is malicious behavior. The protocol noted that a new solver was added to the competition ten days ago, and after being shortlisted, they approved a “bad contract.”
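The pattern described above, a settlement contract granting a token allowance to a contract it is not expected to approve, shows up on-chain as an ERC-20 Approval event and can be monitored. The sketch below is an added example, not code from CoW Swap or the firms quoted; the addresses, the allowlist and the sample logs are constructed placeholders, and only the two event topic hashes are real ERC-20 constants.

```python
# Added example; every address and log entry below is a constructed placeholder.
# keccak256 of "Approval(address,address,uint256)", the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# keccak256 of "Transfer(address,address,uint256)", used only as a non-matching sample
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
MAX_UINT256 = 2**256 - 1
SETTLEMENT = "0x" + "aa" * 20           # hypothetical settlement contract
EXPECTED_SPENDERS = {"0x" + "bb" * 20}  # hypothetical allowlisted spender
UNKNOWN = "0x" + "cc" * 20              # hypothetical contract not on the allowlist
TOKEN = "0x" + "dd" * 20                # hypothetical ERC-20 token

def topic_to_address(topic):
    """Decode a 32-byte indexed topic (left-padded with zeros) to a 20-byte address."""
    raw = topic.lower()[2:]
    if len(raw) != 64 or int(raw[:24], 16) != 0:
        raise ValueError("topic is not a padded address")
    return "0x" + raw[24:]

def suspicious_approvals(logs, owner=SETTLEMENT, allowed=EXPECTED_SPENDERS):
    """Find non-zero allowances granted by `owner` to spenders outside `allowed`."""
    owner, allowed = owner.lower(), {a.lower() for a in allowed}
    findings = []
    for log in logs:
        topics = log.get("topics", [])
        # An ERC-20 Approval carries exactly 3 topics (ERC-721 Approval has 4).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        try:
            log_owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
            amount = int(log.get("data", ""), 16)
        except ValueError:
            continue  # malformed entry: skip it rather than stop the monitor
        if log_owner == owner and spender not in allowed and amount > 0:
            findings.append({"tx": log.get("transactionHash"), "token": log.get("address"),
                             "spender": spender, "unlimited": amount == MAX_UINT256})
    return findings

def mk(tx, topic0, owner, spender, amount):
    """Build one constructed log entry in the shape returned by eth_getLogs."""
    return {"transactionHash": tx, "address": TOKEN, "data": hex(amount),
            "topics": [topic0] + ["0x" + "00" * 12 + a[2:] for a in (owner, spender)]}

SAMPLE_LOGS = [  # constructed
    mk("0x01", APPROVAL_TOPIC, SETTLEMENT, "0x" + "bb" * 20, 1000),  # expected spender
    mk("0x02", APPROVAL_TOPIC, SETTLEMENT, UNKNOWN, MAX_UINT256),    # flagged, unlimited
    mk("0x03", APPROVAL_TOPIC, UNKNOWN, SETTLEMENT, 5),              # different owner
    mk("0x04", TRANSFER_TOPIC, SETTLEMENT, UNKNOWN, 5),              # not an Approval
    mk("0x05", APPROVAL_TOPIC, SETTLEMENT, UNKNOWN, 0),              # revocation
]
```

Running suspicious_approvals(SAMPLE_LOGS) returns a single finding, for the unlimited allowance in the second entry.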
Rise in DeFi attacks
The DeFi space has grown significantly in recent years, attracting many users across the crypto industry because of the promise of providing better services than the traditional financial sector. However, this growth has come with the increased threat of exploits in the industry.
Nevertheless, these exploits have not prevented the DeFi industry from making a remarkable recovery this year. A report by DappRadar said that these protocols reported a significant increase in the total value locked (TVL) in January. The growth in TVL can be attributed to a recovery in crypto prices since the start of the year.
The North Korean Lazarus hacking group has often been associated with the hacks happening in the DeFi industry. The group was linked to one of the largest exploits, the attack on Sky Mavis’ Ronin Bridge, where more than $600 million was stolen.
According to the United Nations, North Korean hackers stole more cryptocurrencies in 2022 than in any other year. The report further estimates that threat actors from the country stole between $630 million and $1 billion worth of crypto assets in 2022.