1 year ago
Security steadfast PeckShield reported that the hacker successfully drained astir 551 BNB disconnected CoW Swap into Tornado Cash, which was worthy astir $181,600 astatine the clip of writing.
86 Total views
1 Total shares
Own this portion of past
Collect this nonfiction arsenic an NFT
Decentralized speech (DEX) protocol CoW Swap precocious suffered an attack, losing astatine slightest 550 BNB (BNB) successful a declaration exploit that approved money transfers from the protocol.
Blockchain surveyor MevRefund flagged the lawsuit and detected that the funds seemed to beryllium moving distant from CoW Swap. The MEV searcher warned the DEX and its users of the exploit successful a Twitter thread.
@CoWSwap your funds look to beryllium moooving distant ...https://t.co/li1NkXNeUp
— MevRefund (@MevRefund) February 7, 2023According to the Smart declaration auditing steadfast BlockSec, a wallet address was added arsenic a “solver” of CoW Swap by a multisig. Then, the code invoked the transaction to o.k. DAI (DAI) to SwapGuard, which past led to SwapGuard transferring DAI from the CoW Swap colony declaration to different addresses.
Blockchain information steadfast PeckShield estimated that astir 551 BNB was lost, worthy $181,600 astatine the clip of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash.
Flowchart showing question of stolen funds from CoW Swap. Source: PeckShieldDuring the attack, immoderate members of the assemblage panicked and urged users to revoke approvals from the DEX. However, the decentralized concern (DeFi) protocol said that this isn’t necessary.
We are alert of an contented that has impacted the fees that CoW Protocol has collected implicit the past week.
We person mitigated the contented and are conducting an investigation.
Traders are successful nary mode affected.
More details to follow.
According to CoW Swap, the colony declaration which was exploited lone has entree to the fees that the protocol collected successful a week. The squad said that it is incapable to straight entree idiosyncratic funds without an bid signed by users.
CoW Swap has not yet responded to Cointelegraph's petition for comment.
Related: Scam alert: MetaMask warns crypto users astir code poisoning
Meanwhile, contempt the hacks that situation DeFi, the abstraction has had a prolific commencement successful 2023 according to a study from DappRadar. Data showed that protocols saw important maturation successful their full worth locked successful the period of January.
In different news, the United Nations besides reported that North Korean hackers person stolen much crypto successful 2022 compared to different years. The study estimates that hackers linked to North Korea were liable for astir $630 cardinal to $1 cardinal successful stolen crypto assets past year.
English (US) 