Market

CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability

Key Points:

  • CowSwap hacked and caused the decentralized exchange to lose about $200,000.
  • Most analysis suggests that the vulnerability lies in the SwapGuard contract licensing “unlimited” to various tokens.
  • The hacker transferred most of the money to the Tornado Cash mixer to erase the traces.
CowSwap hacked this morning through a security hole. Estimated damages ranged from $200,000, and most of the money was transferred to the Tornado Cash crypto mixer to remove traces.

As discovered, the attacker’s wallet address was added to the Solver list, the middle third party to connect purchases on CowSwap’s platform, by the multisig admin wallet. The attacker wallet then adopted the SwapGuard contract to extract DAI.

This process takes place off-chain to avoid unnecessary costs for users. However, in his analytical tweet series, the smart contracts.eth account said this turned out to be a bottleneck for the product’s design.

Most analysis currently suggests that the vulnerability lies in the fact that the SwapGuard contract grants “unlimited” permission to a variety of tokens, making it possible for an attacker to hack into and withdraw funds from the GPv2Settlement contract.

The attacker has now transferred 551 BNB to Tornado Cash to remove the traces. This amount corresponds to $181,000 in damages.

551 BNB transferred to Tornado Cash

Faced with information, the project only said that the above vulnerability is related to the contract to manage transaction fees collected for the product. The above agreement does not affect the user’s assets. Besides, details of the hack are yet to be revealed.

CowSwap is a Meta DEX aggregator that allows users to buy and sell tokens using peer-to-peer settled gas-free orders between its users or to any online source of liquidity any route while providing MEV protection.

The current Dex transaction aggregator relies entirely on third-party liquidity, which can reduce slippage and improve trading efficiency, but still incur transaction fees.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News

Andy

Share
Published by
Andy
Tags: # CryptocurrenciescryptohackSecurity Vulnerabilities
1 year ago

Recent Posts

Binance.US in Washington Will Suspend Services on August 20

Binance.US in Washington will halt operations on August 20, 2024, due to regulatory issues.

38 mins ago

Spot Ethereum ETF Approval Is Now Progressing Smoothly, SEC Chair Says

SEC Chair Gary Gensler stated that the spot Ethereum ETF approval is progressing smoothly.

1 hour ago

Minutes Network closes in on its first 1.2 billion users with Smart Energy Water

London, United Kingdom, 25th June 2024, Chainwire

7 hours ago

GolfN Tees Up Play-to-Earn Golf Following $1.3M Pre-Seed Raise

Chicago, United States, 25th June 2024, Chainwire

8 hours ago

Empathy and Employee Wellbeing: Creating a Supportive Work Atmosphere | WEWE Global Insights

At WEWE Global, we understand the transformative power of empathy and its vital role in…

12 hours ago

Nubank Bitcoin Lightning Network Will Be Integrated For Its 100 Million Customers

Nubank Bitcoin Lightning Network will be integrated through a partnership with Lightspark to offer near…

12 hours ago

This website uses cookies.