CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability

Key Points:

  • CowSwap hacked and caused the decentralized exchange to lose about $200,000.
  • Most analysis suggests that the vulnerability lies in the SwapGuard contract licensing “unlimited” to various tokens.
  • The hacker transferred most of the money to the Tornado Cash mixer to erase the traces.
CowSwap hacked this morning through a security hole. Estimated damages ranged from $200,000, and most of the money was transferred to the Tornado Cash crypto mixer to remove traces.
CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability

As discovered, the attacker’s wallet address was added to the Solver list, the middle third party to connect purchases on CowSwap’s platform, by the multisig admin wallet. The attacker wallet then adopted the SwapGuard contract to extract DAI.

This process takes place off-chain to avoid unnecessary costs for users. However, in his analytical tweet series, the smart contracts.eth account said this turned out to be a bottleneck for the product’s design.

Most analysis currently suggests that the vulnerability lies in the fact that the SwapGuard contract grants “unlimited” permission to a variety of tokens, making it possible for an attacker to hack into and withdraw funds from the GPv2Settlement contract.

The attacker has now transferred 551 BNB to Tornado Cash to remove the traces. This amount corresponds to $181,000 in damages.

CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability
551 BNB transferred to Tornado Cash

Faced with information, the project only said that the above vulnerability is related to the contract to manage transaction fees collected for the product. The above agreement does not affect the user’s assets. Besides, details of the hack are yet to be revealed.

CowSwap is a Meta DEX aggregator that allows users to buy and sell tokens using peer-to-peer settled gas-free orders between its users or to any online source of liquidity any route while providing MEV protection.

The current Dex transaction aggregator relies entirely on third-party liquidity, which can reduce slippage and improve trading efficiency, but still incur transaction fees.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News

CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability

Key Points:

  • CowSwap hacked and caused the decentralized exchange to lose about $200,000.
  • Most analysis suggests that the vulnerability lies in the SwapGuard contract licensing “unlimited” to various tokens.
  • The hacker transferred most of the money to the Tornado Cash mixer to erase the traces.
CowSwap hacked this morning through a security hole. Estimated damages ranged from $200,000, and most of the money was transferred to the Tornado Cash crypto mixer to remove traces.
CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability

As discovered, the attacker’s wallet address was added to the Solver list, the middle third party to connect purchases on CowSwap’s platform, by the multisig admin wallet. The attacker wallet then adopted the SwapGuard contract to extract DAI.

This process takes place off-chain to avoid unnecessary costs for users. However, in his analytical tweet series, the smart contracts.eth account said this turned out to be a bottleneck for the product’s design.

Most analysis currently suggests that the vulnerability lies in the fact that the SwapGuard contract grants “unlimited” permission to a variety of tokens, making it possible for an attacker to hack into and withdraw funds from the GPv2Settlement contract.

The attacker has now transferred 551 BNB to Tornado Cash to remove the traces. This amount corresponds to $181,000 in damages.

CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability
551 BNB transferred to Tornado Cash

Faced with information, the project only said that the above vulnerability is related to the contract to manage transaction fees collected for the product. The above agreement does not affect the user’s assets. Besides, details of the hack are yet to be revealed.

CowSwap is a Meta DEX aggregator that allows users to buy and sell tokens using peer-to-peer settled gas-free orders between its users or to any online source of liquidity any route while providing MEV protection.

The current Dex transaction aggregator relies entirely on third-party liquidity, which can reduce slippage and improve trading efficiency, but still incur transaction fees.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News