Market

CowSwap Hacked Cause $200,000 Stolen Through A Security Vulnerability

Key Points:

  • CowSwap hacked and caused the decentralized exchange to lose about $200,000.
  • Most analysis suggests that the vulnerability lies in the SwapGuard contract licensing “unlimited” to various tokens.
  • The hacker transferred most of the money to the Tornado Cash mixer to erase the traces.
CowSwap hacked this morning through a security hole. Estimated damages ranged from $200,000, and most of the money was transferred to the Tornado Cash crypto mixer to remove traces.

As discovered, the attacker’s wallet address was added to the Solver list, the middle third party to connect purchases on CowSwap’s platform, by the multisig admin wallet. The attacker wallet then adopted the SwapGuard contract to extract DAI.

This process takes place off-chain to avoid unnecessary costs for users. However, in his analytical tweet series, the smart contracts.eth account said this turned out to be a bottleneck for the product’s design.

Most analysis currently suggests that the vulnerability lies in the fact that the SwapGuard contract grants “unlimited” permission to a variety of tokens, making it possible for an attacker to hack into and withdraw funds from the GPv2Settlement contract.

The attacker has now transferred 551 BNB to Tornado Cash to remove the traces. This amount corresponds to $181,000 in damages.

551 BNB transferred to Tornado Cash

Faced with information, the project only said that the above vulnerability is related to the contract to manage transaction fees collected for the product. The above agreement does not affect the user’s assets. Besides, details of the hack are yet to be revealed.

CowSwap is a Meta DEX aggregator that allows users to buy and sell tokens using peer-to-peer settled gas-free orders between its users or to any online source of liquidity any route while providing MEV protection.

The current Dex transaction aggregator relies entirely on third-party liquidity, which can reduce slippage and improve trading efficiency, but still incur transaction fees.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News

Victor

Share
Published by
Victor
Tags: # CryptocurrenciescryptohackSecurity Vulnerabilities
2 years ago

Recent Posts

UK-compliant Digital Bank Revolut Now Supports BNB Trading

London-based digital bank Revolut has added Binance's cryptocurrency BNB to its offerings, expanding its crypto…

1 hour ago

Qubetics Rockets Past $7.2M in Presale, Near Protocol Investors Eye Blockchain Growth, and XRP Gains Momentum with RLUSD Launch—Your Guide to the Best Coins with 100x Potential in December 2024

Explore why Qubetics, Near Protocol, and XRP are the best coins with 100x potential in…

3 hours ago

FOMO Alert: Missed Notcoin? BTFD Coin’s Presale Is Your Redemption

The presale for BTFD Coin is your second chance. Missed Notcoin? Here’s how you can…

6 hours ago

Metaplanet Ordinary Bonds Worth ¥5 Billion Issued to Boost Bitcoin Holdings

Metaplanet Ordinary Bonds issuing mirrors MicroStrategy's approach, making the company a notable player in the…

6 hours ago

BlackRock Bitcoin Ad Causes Controversy For Denying 21 Million Supply

BlackRock Bitcoin ad included a controversial disclaimer suggesting that the 21 million BTC supply cap…

7 hours ago

New El Salvador Bitcoin Purchase Boosted With 11 BTC

El Salvador Bitcoin accumulation continues, even after an agreement of a $1.4 billion loan with…

7 hours ago

This website uses cookies.