• CoW Swap, a decentralized exchange (DEX), was recently exploited by a hacker who drained a settlement contract containing its protocol fees, looting over $180,000 worth of crypto.
• The exploit happened through an external solver competition and the hacker consolidated the funds into two wallets containing DAI, BNB, and ETH.
• However, CoW Swap confirmed that neither their protocol nor users suffered any loss since the solver’s bond would pay for all damages.
CoW Swap Exploited in DeFi Attack
A hacker has recently stolen over $180,000 worth of crypto from CoW Swap, a decentralized exchange (DEX). The exploit happened yesterday and was first spotted by on-chain sleuth MevRefund and later confirmed by CoW Swap.
Exploit Details
The hacker exploited an external solver involved in a “solvers competition” on CoW Swap to drain its settlement contract containing 7 days worth of protocol fees. According to blockchain analytical firm Nansen, the hacker consolidated the funds into two wallets containing DAI ($123K), BNB ($50K) and ETH ($7.4K).
No Loss Suffered By Users or Protocol
Despite the attack on the DeFi protocol being successful, CoW Swap confirmed that neither their users nor the protocol itself suffered any loss as the solver’s bond would be used to cover all damages caused by this exploit.
How Was It Exploited?
CoW Swap engages in solvers competitions with external parties competing to find the best execution route for their users. The exploiter had entered this competition ten days ago before hacking its smart contract to allow anyone to transfer from its settlement contract. They then tricked the DEX GPv2Settlement contract to approve SwapGuard for DAI spending before returning again to trigger it and transfer DAI from GPv2Settlement contract.
Conclusion
The attack on DeFi protocols continues with CoW swap becoming one of its latest victims after losing over $180k worth of crypto due to an exploit within its external solvers competition. However due to precautions taken by CoW swap neither it nor its users suffered any direct losses as they were covered by bonds held in place for such cases.