Overview
• CoW Swap is the latest DeFi protocol to be exploited, with a hacker stealing over $180,000 worth of crypto.
• The hacker exploited a smart contract in the „solvers competition“ of CoW Swap.
• Despite the exploit, CoW Swap says neither the protocol nor its users suffered any loss as the solver’s bond will pay for all damages.
Exploit Details
CoW Swap is a decentralized exchange (DEX) that recently fell victim to an exploit by a hacker who drained a settlement contract containing its protocol fees, stealing over $180,000 worth of crypto. According to blockchain analytical firm Nansen, the hacker consolidated these funds into two wallets containing $123,000 DAI, $50,000 BNB and $7,400 ETH.
The exploit happened when an external party entered CoW Swap’s „solver competition“ ten days prior and hacked its smart contract to allow anyone to transfer from the settlement contract. Afterward they tricked the DEX GPv2Settlement contract to approve SwapGuard for DAI spending and returned later on to trigger it and transfer all DAI from the GPv2Settlement contract.
Protection Measures Taken
CoW Swap confirmed that despite this incident none of their users were affected as no funds were stolen from their protocol during this exploit. This is because all damages will be paid for by solver’s bond which was set aside for such cases originally. They also took steps by putting out an announcement on Twitter stating: “Users are not affected since we never hold user funds (!) Neither Cow Swap is affected: The solver’s bond will pay for all damages” following up with more in-depth details about this incident in their blog post published shortly after.
What Is CoWSwap?
CoWSwap is a decentralized exchange (DEX) where users can trade tokens without having to trust any centralized entity or third-party service provider with their assets or information. It offers low transaction fees compared to other exchanges and runs on Ethereum’s blockchain network making it secure and reliable at all times. Its “solvers competition” allows external parties compete against each other in order find the best execution route for their users which unfortunately became vulnerable due to this recent exploit incident.
Conclusion
In conclusion although CoWSwap was exploited by hackers who stole over $180K worth of crypto it did not suffer any direct loss because all damages will be covered by solver’s bond originally put aside specifically for such cases like this one while also assuring that none of its users were affected either since they do not store user funds themselves but instead rely only on Ethereum’s blockchain network making them secure and reliable at all times