Hacker Steals $180k Crypto from CoW Swap DEX in DeFi Exploit

Von | 8. Februar 2023

• CoW Swap, a decentralized exchange (DEX), has suffered an exploit resulting in the hacker stealing over $180,000 worth of crypto.
• The hacker exploited a smart contract in the “solver competition” of CoW Swap.
• Though funds were stolen, CoW Swap users were not affected and the solver’s bond will pay for all damages.

CoW Swap DEX Exploit

CoW Swap, a decentralized exchange (DEX), recently experienced an exploit resulting in the theft of over $180,000 worth of crypto. Despite this loss, neither the protocol nor its users suffered any damage as a result of the attack.

Details Of The Exploit

The exploit happened after a hacker accessed a smart contract in CoW Swap’s “solvers competition”. The hacker was able to drain the settlement contract containing protocol fees and loot roughly $180,000 worth of crypto which was consolidated into two wallets containing DAI($123,000), BNB ($50,000) and ETH ($7,400).

CoW Swaps Response

Despite confirming that the exploit had occurred, CoW Swap noted that none of its users were affected and no funds were stolen from the protocol during this incident. They explained that all damages would be paid by solver’s bond which meant that their protocol did not suffer any direct loss from this attack.

How Was The Exploit Carried Out?

The hacker entered a „solver competition“ hosted by CoW swap ten days ago where external parties compete to find the best execution route for their users. By exploiting a smart contract they tricked GPv2Settlement contract to approve swapguard for DAI spending before triggering it to transfer DAI from GPv2Settlement contract.

Conclusion

This DeFi exploit highlights how vulnerable decentralised protocols can be if proper security measures are not taken into account when designing them. Though this incident resulted in significant financial losses for some people involved with CoWSwap it is reassuring to know that no user or protocol funds were lost due to this attack