DeFi platform CoW Protocol loses over 550 BNB through contract exploit

The decentralized finance (DeFi) protocol CoW Swap has suffered a smart contract exploit that led to a loss of around 551 BNB ($181,600).

It was reported that the attacker added a wallet address as a "solver" of CoW Swap and invoked a transaction to approve DAI transfers to SwapGuard before moving assets to other addresses.

A settlement contract exploit

The blockchain expert MevRefund was the first to notice the attack, in the early morning hours of today. The maximal extractable value (MEV) searcher tweeted that money was being moved from CoW Swap and added that the protocol's SwapGuard function had been approved and allowed anyone to make "arbitrary function calls".

Within an hour, blockchain security company PeckShield reported that CoW Swap's GPv2Settlement contract had been tricked ten days ago into approving SwapGuard for DAI spending.

At the time of the exploit, the attacker simply triggered SwapGuard to transfer funds out of the GPv2Settlement contract.

In a more detailed explanation, the blockchain security platform BlockSec said that the attacker had added a wallet address as a solver of the protocol through the multi-sig, i.e. the mechanism for approving transactions. Since the DAI transfer was approved from the settlement contract, the user was also able to approve transfers to arbitrary addresses.

"A lesson. A contract with the interface for any view should not have a permit, 0x55a37a2e5973510ac723aec213fa161919 made the error and approved the maximum value of DAI for SwapGuard, which is the main cause of the attack," BlockSec said (https://twitter.com/blocksecteam/status/1623101569572864).

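The root cause described above, a maximum-value token approval granted to a contract that forwards calls for any caller, can be reproduced in a small model. The Python below is an added example, not code from CoW Protocol, SwapGuard or BlockSec; the `Token`, `Executor`, `risky_approvals` and `run_scenario` names, the account labels and the balances are hypothetical and constructed for illustration. It compares an open executor with a caller-restricted one and includes an audit check that flags the dangerous approval.

```python
MAX_UINT256 = 2**256 - 1  # the "maximum value" approval from the quote

class Token:
    """Minimal ERC-20-style ledger (constructed toy model)."""
    def __init__(self):
        self.balances, self.allowances = {}, {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, src, dst, amount):
        # The token checks only its direct caller, not who asked that caller to act.
        allowed = self.allowances.get((src, caller), 0)
        if allowed < amount or self.balances.get(src, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        if allowed != MAX_UINT256:
            self.allowances[(src, caller)] = allowed - amount
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class Executor:
    """Hypothetical call-forwarding helper; allowed_callers=None means anyone may use it."""
    def __init__(self, name, allowed_callers=None):
        self.name, self.allowed_callers = name, allowed_callers

    def execute(self, caller, token, src, dst, amount):
        if self.allowed_callers is not None and caller not in self.allowed_callers:
            raise PermissionError("caller not authorised")
        # The forwarded call reaches the token with the executor as the caller.
        token.transfer_from(self.name, src, dst, amount)

def risky_approvals(token, open_executors):
    """Audit check: non-zero allowances granted to spenders that forward calls for anyone."""
    return sorted(pair for pair, amount in token.allowances.items()
                  if amount > 0 and pair[1] in open_executors)

def run_scenario(allowed_callers):
    """Return (settlement balance after an outsider's attempt, flagged approvals)."""
    token = Token()
    token.balances["settlement"] = 1000
    guard = Executor("guard", allowed_callers)
    token.approve("settlement", "guard", MAX_UINT256)
    flagged = risky_approvals(token, {"guard"} if allowed_callers is None else set())
    try:
        guard.execute("outsider", token, "settlement", "outsider", 1000)
    except PermissionError:
        pass  # restricted executor refuses the unauthorised caller
    return token.balances["settlement"], flagged
```

`run_scenario(None)` models the open executor and `run_scenario({"settlement"})` the caller-restricted one; only the first leaves the settlement balance drained and the approval flagged.
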
Over 181,000 USD moved to Tornado Cash

The tokens transferred to the exploiter's address are BNB, USDT, USDC and ETH. So far, around 551 BNB worth over $181,000 has been transferred to the OFAC-sanctioned crypto mixer Tornado Cash.

CoW Swap stressed that users do not have to worry because the stolen funds were the accumulated fees of the CoW Protocol from last week. The platform said the problem had been mitigated and is currently being investigated.

CoW Protocol is the latest DeFi platform to suffer at the hands of daring hackers this month. CryptoPotato reported last week on attacks on Orion Protocol and BonqDAO, which led to a loss of $3 million and $10 million, respectively.