550 BNB lost in contract exploit by decentralized exchange

Recently, the decentralized exchange (DEX) system known as CoW Swap came under assault, resulting in the loss of at least 550 BNB (BNB) due to a contract hack that permitted money transfers away from the platform.

The occurrence was spotted by the blockchain surveyor MevRefund, which also noticed that the cash seemed to be migrating away from the CoW Swap exchange. In a Twitter thread, the maximum extractable value (MEV) searcher sent a warning to the DEX and the users of the exchange about the vulnerability.

A wallet address was reportedly added as a "solver" of CoW Swap by using a multisig, as stated by the company BlockSec, which audits smart contracts. The address then initiated the transaction to authorise DAI (DAI) to SwapGuard, which resulted in SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses. DAI was transferred to other addresses by SwapGuard.

The blockchain security company PeckShield calculated that around 551 BNB, which had a value of $181,600 at the time this article was written, had been stolen. Following the theft of the assets, the hacker sent the money to the famed cryptocurrency mixer Tornado Cash.

During the assault, several members of the community had a momentary moment of fear and advised other users to remove their approvals from the DEX. On the other hand, the protocol for decentralized finance (DeFi) said that this is not required.

A research from DappRadar states that in spite of the hacks that have occurred in relation to DeFi, the industry as a whole has gotten off to a fruitful start in 2023. According to the data collected, the overall value of locked procedures had a considerable increase during the month of January.

In other developments, the United Nations has claimed that cybercriminals operating out of North Korea stole a greater quantity of cryptocurrency in 2022 than to any previous year. According to the findings of the research, cybercriminals with ties to North Korea were responsible for the theft of crypto assets valued at between $630 million and $1 billion in 2017.

Disclaimer: CoW Swap's remarks and the official Twitter announcement have been included to this post after it was modified.