CoW Swap Suffers Multisig Attack, 550 BNB Drained to Anonymity Funnel

• CoW Swap, a decentralized finance platform, suffered a multisig attack on its settlement smart contract.
• Blockchain security auditing firm PeckShield confirmed the exploit, and BlockSec, a smart contract auditing firm, explained further details.
• CoW Swap has not yet released an official statement, but it claims to be already working on fixing the vulnerability.

CoW Swap Security Breach

A multisig attack was recently detected on CoW Swap’s settlement smart contract. MevRefund, a blockchain security researcher and whitehat hacker, was the first to disclose this threat. Blockchain security auditing firm PeckShield later confirmed the exploit and provided more details about the breach.

Exploit Breakdown

The attacker added their wallet address as a “solver” of CoW Swap via a multisig, which allowed them to trigger the settlement smart contract and drain 550 BNB into Tornado Cash, a crypto anonymity funnel that masks transactions. The threat actor then invoked a transaction to approve DAI towards SwapGuard, which prompted it to transfer DAI from CoW Swap’s settlement contract to different addresses.
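The sequence described above (a new solver is added, it triggers a settlement, the settlement contract approves a spender, funds leave) can be watched for as a chain of correlated events. The following is an added example, not code from CoW Swap or the firms named here; it assumes a monitoring pipeline that already emits normalized records, and every address, field name and event label in it is a constructed placeholder.

```python
# Added example: constructed, normalized chain-monitoring records.
# All addresses, field names and event type labels are hypothetical placeholders.
SETTLEMENT = "0xSETTLEMENT"
VETTED_SOLVERS = {"0xSOLVER_A"}          # out-of-band registry of approved solvers
VETTED_SPENDERS = {"0xVAULT_RELAYER"}    # spenders the settlement contract may approve

SAMPLE_EVENTS = [
    {"block": 100, "type": "solver_added", "solver": "0xSOLVER_A"},
    {"block": 200, "type": "settlement", "solver": "0xSOLVER_A"},
    {"block": 305, "type": "solver_added", "solver": "0xUNKNOWN"},
    {"block": 306, "type": "settlement", "solver": "0xUNKNOWN"},
    {"block": 306, "type": "approval", "owner": SETTLEMENT,
     "spender": "0xSWAPGUARD", "token": "DAI"},
    {"block": 307, "type": "transfer", "from": SETTLEMENT, "to": "0xDEST_1",
     "via": "0xSWAPGUARD", "token": "DAI"},
    {"block": 308, "type": "transfer", "from": SETTLEMENT, "to": "0xUSER",
     "via": "0xVAULT_RELAYER", "token": "DAI"},
]


def scan(events):
    """Return (block, rule, subject) alerts for the sequence described above."""
    alerts = []
    unvetted_solvers = set()
    unvetted_spenders = set()
    # sorted() is stable, so records within one block keep their input order.
    for ev in sorted(events, key=lambda e: e["block"]):
        kind = ev["type"]
        if kind == "solver_added" and ev["solver"] not in VETTED_SOLVERS:
            unvetted_solvers.add(ev["solver"])
            alerts.append((ev["block"], "unvetted-solver-added", ev["solver"]))
        elif kind == "settlement" and ev["solver"] in unvetted_solvers:
            alerts.append((ev["block"], "settlement-by-unvetted-solver", ev["solver"]))
        elif (kind == "approval" and ev["owner"] == SETTLEMENT
              and ev["spender"] not in VETTED_SPENDERS):
            unvetted_spenders.add(ev["spender"])
            alerts.append((ev["block"], "approval-to-unvetted-spender", ev["spender"]))
        elif (kind == "transfer" and ev["from"] == SETTLEMENT
              and ev.get("via") in unvetted_spenders):
            alerts.append((ev["block"], "funds-pulled-via-unvetted-spender", ev["to"]))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The first rule fires at the allowlist change itself, before any settlement or approval, which is the earliest point at which the change can be reviewed or reverted.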

Official Statement From CoW Swap

CoW Swap has not yet released an official statement on the matter, but it claims that it is already working on fixing the vulnerability. It also reassured users that their accounts would remain unaffected by the exploit, since these can only be signed through an order executed by a user.

Smart Contract Audit Recommendations

All organizations dealing with cryptocurrency should consider getting regular smart contract audits done to stay protected against such attacks in the future. Smart contracts should also have safeguards built in, such as multi-signature approvals for any major changes or transfers of funds.
