{"id":44854,"date":"2023-02-07T05:36:01","date_gmt":"2023-02-07T09:36:01","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=44854"},"modified":"2023-02-07T05:36:08","modified_gmt":"2023-02-07T09:36:08","slug":"hacker-steals-over-550-bnb-from-cow-swap","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/hacker-steals-over-550-bnb-from-cow-swap\/","title":{"rendered":"Hacker steals over 550 BNB from CoW Swap"},"content":{"rendered":"\n
DEX protocol CoW Swap has lost over 550 BNB worth around $181,600 to hackers according to reports by blockchain security firm PeckShield <\/a><\/h5>\n\n\n\n
\"Hacker
Hacker steals over 550 BNB from CoW Swap <\/figcaption><\/figure>\n\n\n\n

In a recent assault, the decentralized exchange (DEX) protocol CoW Swap lost at least 550 BNB \r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>due to a contract vulnerability that permitted money transfers from the platform.<\/p>\n\n\n\n

MevRefund, a blockchain surveyor, noted the occurrence and noticed that the cash seemed to be departing from CoW Swap. The DEX and its users were alerted to the attack in a discussion on Twitter by the maximum extractable value (MEV) searcher.<\/p>\n\n\n\n

\n

@CoWSwap<\/use><\/svg><\/span><\/a> your funds appear to be moooving away …https:\/\/t.co\/li1NkXNeUp<\/use><\/svg><\/span><\/a><\/p>— MevRefund (@MevRefund) February 7, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

BlockSec, a company that audits smart contracts, claims that a multisig inserted wallet address is a “solver” of CoW Swap. Invoking the transaction to approve DAI DAI to SwapGuard, the address thereafter transferred DAI to other addresses through SwapGuard by invoking the CoW Swap settlement contract's transaction.<\/p>\n\n\n\n

According to blockchain security company PeckShield, 551 BNB were lost, which at the time of writing was valued $181,600. The hacker sent the monies to the notorious cryptocurrency mixer Tornado Cash<\/a> after taking the assets.<\/p>\n\n\n\n

\"\"
Flowchart showing the movement of stolen funds from CoW Swap. Source: PeckShield<\/figcaption><\/figure>\n\n\n\n

Some community members pushed users to cancel DEX approvals during the incident out of fear. The decentralized finance (DeFi) protocol asserted that this is not required.<\/p>\n\n\n\n

\n

We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week.

We have mitigated the issue and are conducting an investigation.

Traders are in no way affected.

More details to follow.<\/p>— CoW DAO (@CoWSwap) February 7, 2023<\/use><\/svg><\/span><\/a><\/blockquote>

The abused settlement contract, according to CoW Swap, only has access to the fees that the protocol accrued over the course of a week. The team said that without direct instruction from users, it is impossible to access user cash.<\/p>\n\n\n\n

According to research from DappRadar, the DeFi space has had a successful start in 2023 despite the hacks that have surrounded it. Data indicated that protocols' overall value locked in January increased significantly.<\/p>\n\n\n\n

In related news, the UN said that compared to previous years, North Korean hackers<\/a> stole more cryptocurrency in 2022. According to the research, hackers with North Korean ties stole between $630 million and $1 billion worth of cryptocurrency last year.<\/p>\n","protected":false},"excerpt":{"rendered":"

DEX protocol CoW Swap has lost over 550 BNB worth around $181,600 to hackers according to reports by blockchain security firm PeckShield In a recent assault, the decentralized exchange (DEX) protocol CoW Swap lost at least 550 BNB due to a contract vulnerability that permitted money transfers from the platform. MevRefund, a blockchain surveyor, noted […]<\/p>\n","protected":false},"author":12,"featured_media":44877,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11476],"tags":[173,13254,937,10782],"class_list":["post-44854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks-and-scams","tag-bnb","tag-cow-swap","tag-hackers","tag-tornado-cash-2"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/02\/image-11.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/44854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=44854"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/44854\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/44877"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=44854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=44854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=44854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}