Loss in CoW Swap Due to Vulnerability in Smart Contract
A recent smart contract vulnerability in the CoW Swap decentralized finance (DeFi) protocol led to a substantial loss of around 551 BNB, or $181,600.
How the Attack Began
A wallet address was allegedly introduced by the attacker to CoW Swap as a “solver,” enabling them to authorize DAI transfers to SwapGuard before transferring the assets to other addresses. The blockchain security company PeckShield discovered the GPv2Settlement contract in CoW Swap had been duped into authorizing SwapGuard for DAI spending within an hour of the attack.
Blockchain Security Platform’s explanation
In-depth analysis by BlockSec revealed that the attacker might authorize transactions by including a wallet address as a multi-sig solver for the protocol. The attacker was also able to authorise transfers to other addresses once the DAI transfer from the settlement contract had been allowed. According to BlockSec, the attack was initiated by the oversight of allowing the maximum value of DAI to SwapGuard, a contract with an arbitrary call interface that was not supposed to have any allowances.
Transfer of Assets to Tornado Cash
BNB, USDT, USDC, and ETH were among the items that were taken using the attack. To date, 551 BNB worth over $181,000 have been sent to the Tornado Cash cryptocurrency mixer, which is authorized by OFAC. Users have been reassured by CoW Swap that there is no need for concern since the stolen monies were the accumulated fees from the previous week.
Hacks in the Crypto World Recently
It’s important to note that the cryptocurrency industry has recently had a number of cyberattacks, with Orion Protocol and BonqDAO being the most recent victims, suffering losses of $3 million and $10 million, respectively.