CoW Swap Suffers DeFi Exploit

CoW Swap, a decentralized exchange (DEX), has become the latest DeFi protocol to be exploited after a hacker drained a settlement contract containing its protocol fees, looting over $180,000 worth of crypto. The exploit, which happened yesterday, was first spotted by the on-chain sleuth MevRefund and confirmed by the CoW Swap team. According to CoW Swap, the hacker exploited "an external solver and used it to drain the settlement contract, which held seven days' worth of protocol fees." The blockchain analytics firm Nansen reported that the exploiter stole roughly $180,000, with funds consolidated into two wallets containing $123,000 DAI, $50,000 BNB and $7,400 ETH.

No Loss for Protocol or Users

Despite confirming the exploit, CoW Swap noted that none of its users were affected as no funds were stolen from the protocol during this incident. While over $180k was stolen in total value, the solver’s bond will pay for all damages so there was no direct loss for either CoW Swap or its users.

How Was CoW Swap Exploited?

CoW Swap runs what it calls "solver competitions", in which external parties compete to find the best execution routes for its users. The team said it appears that an exploiter entered this competition ten days ago and then managed to hack into one of its smart contracts, gaining access to transfers from a settlement contract. The exploiter then tricked the DEX's GPv2Settlement contract into approving DAI spending via SwapGuard, and triggered the platform again to transfer those funds out of the GPv2Settlement contract.
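The approve-then-transfer pattern described above leaves standard ERC-20 `Approval` and `Transfer` events on-chain, which a monitor can watch for. The sketch below is an added example, not CoW Swap's code: the addresses, the spender allowlist and the sample logs are constructed placeholders, and the outflow alert is a heuristic.

```python
# Event signature hashes (topic 0) for the standard ERC-20 events.
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder addresses, not real deployments.
SETTLEMENT = "0x" + "aa" * 20          # the monitored settlement contract
ALLOWED = {"0x" + "bb" * 20}           # spenders the operator expects (assumption)
TOKEN, OTHER, DEST = ("0x" + c * 20 for c in ("dd", "cc", "ee"))

def topic(address):
    """Encode an address as a 32-byte indexed topic (left-padded with zeros)."""
    return "0x" + "00" * 12 + address[2:]

def addr(t):
    """Decode an indexed address topic: keep the low 20 bytes."""
    return "0x" + t[-40:].lower()

def scan(logs):
    """Flag allowances SETTLEMENT grants to unexpected spenders, and any
    outflow of that token while such an allowance is still open."""
    alerts, open_spenders = [], {}      # token -> set of unexpected spenders
    for log in sorted(logs, key=lambda l: (l["block"], l["index"])):
        topics = log["topics"]
        if len(topics) != 3:            # not the standard ERC-20 event layout
            continue
        sig, src, dst = topics[0], addr(topics[1]), addr(topics[2])
        token, amount = log["address"].lower(), int(log["data"], 16)
        if sig == APPROVAL and src == SETTLEMENT and dst not in ALLOWED:
            spenders = open_spenders.setdefault(token, set())
            if amount == 0:
                spenders.discard(dst)   # allowance revoked
            else:
                spenders.add(dst)
                alerts.append(("unexpected_approval", log["block"], token, dst))
        elif sig == TRANSFER and src == SETTLEMENT and open_spenders.get(token):
            alerts.append(("outflow_while_allowance_open", log["block"], token, dst))
    return alerts

def mk(block, sig, a, b, amount):
    """Build one constructed log entry in the shape scan() expects."""
    return {"block": block, "index": 0, "address": TOKEN,
            "topics": [sig, topic(a), topic(b)], "data": hex(amount)}

SAMPLE_LOGS = [                          # constructed for this example
    mk(100, APPROVAL, SETTLEMENT, "0x" + "bb" * 20, 1000),   # expected spender
    mk(101, APPROVAL, SETTLEMENT, OTHER, 2**256 - 1),        # unexpected spender
    mk(102, TRANSFER, SETTLEMENT, DEST, 500),                # outflow afterwards
    mk(103, TRANSFER, DEST, SETTLEMENT, 5),                  # inflow, ignored
]
```

A settlement contract also moves tokens out during normal operation, so the second alert type is a prompt to review the open allowance rather than proof of theft.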

Security Measures Taken By CoW Swap

Immediately following the breach, the CoW Swap team took steps to prevent similar incidents in the future. The added security measures include: introducing additional checks around how solvers are authenticated and how they can interact with its contracts; further audits of its codebase; further review of its system architecture and risk management process; strengthening its internal processes around security incidents; offering bug bounties for anyone who finds bugs in its codebase; and providing more transparency about its system design and the tradeoffs made when designing new features.


In summary, this article discussed an attack against the decentralized exchange (DEX) CoW Swap that resulted in approximately $180,000 being stolen from the settlement contract holding its protocol fees, through an exploit of one of the smart contracts within its "solver competition" feature. Despite the attack, CoW Swap says that neither the protocol nor any user suffered a loss, since all damages were covered by the solver's bond. The team has since implemented several extra security measures, including bug bounties and audits among other things, to prevent similar incidents in the future.

