CoW Swap decentralised exchange loses $166,000 in hack

The MEV-resistant AMM protocol Cow Swap acknowledged an unauthorized withdrawal of cryptocurrencies worth $166,000 as a result of an exploit detected by on-chain analysts.

This got exploited by a hacker last night, moving a total of USD 166K from the settlement contract into their wallet: https://t.co/GydQZb8fPq

Since CoW Swap is protected from solver exploits by the solver bonding pools, CoW Swap is not suffering any losses. pic.twitter.com/0XD97npfIv

— CoW Swap | Better than the best prices (@CoWSwap) February 7, 2023

The attack targeted the settlement contract that collects fees. The project noted that there are no risks to users and there is no need to revoke approvals to use the service.

According to PeckShield, the damage totaled $180,000: $123,000 in DAI, $50,000 in BNB, $7,400 in ETH, distributed across two wallets.

Ten days earlier, the attacker modified the GPv2Settlement smart contract to obtain permission for DAI spending by SwapGuard. This was followed by a trigger. Any user can invoke SwapGuard.

It seems (1) @CoWSwap‘s GPv2Settlement contract has been tricked 10 days ago to approve SwapGuard for DAI spending and (2) SwapGuard was just triggered to transfer out DAI from GPv2Settlement. Here are the two related txs: https://t.co/Tb8Sk5xqMR and https://t.co/JS7ejDhiAs https://t.co/Wpbeq4UoEP pic.twitter.com/oRWIzeOLzz

— PeckShield Inc. (@peckshield) February 7, 2023

Copycats took advantage of the vulnerability.

Copycats have begun fighting over the remaining scraps: https://t.co/2wnn0YCcZX

— MevRefund (@MevRefund) February 7, 2023

Subsequently, the developers revoked all approvals for the compromised contract, preventing further malicious actions. The team updated its version.

Cow Swap — a decentralized exchange with DEX-aggregator features based on Gnosis Protocol v2 (GPv2). The latter aggregates orders into packages (Batch Auctions, BA) and passes them to the solving participants (solvers).

The latter focus on finding the most advantageous market price and are rewarded in Gnosis tokens (GNO). When the best prices are found, the protocol executes the orders in the bundle.

Earlier, on February 3, an unknown attacker conducted an attack on the Orion Protocol, a decentralized platform operating on Ethereum and BNB Chain. The loss totaled $3 million.

Beosin analysts counted 113 attacks on DeFi protocols in 2022. They accounted for 67.6% of hacks in Web3-industry.