CoW Swap Hacked: Decentralized Exchange Aggregator Loses $180,000 to Cyber Attack

CoW Swap, a decentralized exchange aggregator, experienced a hack that led to the theft of an estimated $180,000 worth of digital assets.

CoW Swap is a platform that aggregates liquidity from multiple DEXs, allowing users to access a wider range of trading options and achieve better prices for their trades. However, the recent hack has exposed the vulnerabilities that still exist within the decentralized finance (DeFi) space, despite its growing popularity.

Overview of the Incident

According to reports, the attacker was able to exploit a vulnerability in CoW Swap’s smart contract code, allowing them to drain funds from the platform’s liquidity pool. The hack occurred on February 6th, and CoW Swap quickly responded by suspending all transactions and launching an investigation into the incident.

PeckShield calculated that a hacker siphoned about $180,000 worth of DAI from CoW Swap and then redirected the funds through Tornado Cash to acquire 551 BNB. The attack aimed at GPv2Settlement, a smart contract for trade settlements that forms part of the CoW Swap alpha (GPv2) protocol. The hacker seemingly misled the GPv2Settlement contract’s owner into giving approval to utilize the SwapGuard, which is typically not allowed.

Role of SwapGuard in the Attack

PeckShield states that CoW Swap utilizes SwapGuard, a secondary contract, to confirm and validate swapping outcomes. The permission for arbitrary function calls in SwapGuard may have played a role in the successful attack since it gives anyone with access to the contract the ability to run any function written in its code.

A representative from BlockSec informed The Block that the contract named SwapGuard contains a feature allowing for the transfer of funds to any address. The attacker utilized this public function to move the DAI to their own account.