{"id":548810,"date":"2023-02-07T11:17:41","date_gmt":"2023-02-07T08:17:41","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/cow-swap-hacker-milks-over-550-bnb-using-solver-exploit\/"},"modified":"2023-02-07T11:17:41","modified_gmt":"2023-02-07T08:17:41","slug":"cow-swap-hacker-milks-over-550-bnb-using-solver-exploit","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/cow-swap-hacker-milks-over-550-bnb-using-solver-exploit\/","title":{"rendered":"# CoW Swap hacker milks over 550 BNB using \u2018solver\u2019 exploit"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_CoW_Swap_hacker_milks_over_550_BNB_using_%E2%80%98solver_exploit_%E2%80%9C\"><\/span>CoW Swap hacker milks over 550 BNB using \u2018solver\u2019 exploit<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-4bbf85c5><p>Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB in a contract exploit that approved fund transfers from the protocol.<\/p>\n<p>Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap. The maximal extractable value (MEV) searcher warned the DEX and its users of the exploit in a Twitter thread.
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CoWSwap?ref_src=twsrc%5Etfw\">@CoWSwap<\/a> your funds appear to be moooving away &#8230;<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/li1NkXNeUp\">https:\/\/t.co\/li1NkXNeUp<\/a><\/p>\n<p>\u2014 MevRefund (@MevRefund) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MevRefund\/status\/1622793836291407873?ref_src=twsrc%5Etfw\">February 7, 2023<\/a><\/p><\/blockquote>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1622823101569572864\">According<\/a> to the smart contract auditing firm BlockSec, a wallet <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/address\/0x55a37a2e5e5973510ac9d9c723aec213fa161919\">address<\/a> was added as a \u201csolver\u201d of CoW Swap by a multisig. The address then invoked a transaction approving SwapGuard to spend DAI, which led to SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.<\/p>\n<p>Blockchain security firm PeckShield <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1622812663561744384\">estimated<\/a> that around 551 BNB was lost, worth $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/16938318-d65f-419c-9661-d9601fc79c6a.png\"><figcaption style=\"text-align: center;\"><em>Flowchart showing movement of stolen funds from CoW Swap.
Source: PeckShield<\/em><\/figcaption><\/figure>\n<p>During the attack, some community members panicked and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/DefiantDEFI\/status\/1622838818956013568\">urged<\/a> users to revoke approvals from the DEX. However, the decentralized finance (DeFi) protocol said this isn\u2019t necessary.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are aware of an issue that has impacted the fees that CoW Protocol has collected over the past week. <\/p>\n<p>We have mitigated the issue and are conducting an investigation. <\/p>\n<p>Traders are in no way affected. <\/p>\n<p>More details to follow.<\/p>\n<p>\u2014 CoW Swap | Better than the best prices (@CoWSwap) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CoWSwap\/status\/1622835089263718402?ref_src=twsrc%5Etfw\">February 7, 2023<\/a><\/p><\/blockquote>\n<p>According to CoW Swap, the exploited settlement contract only has access to the fees that the protocol collected in a week. The team <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CoWSwap\/status\/1622852472694796288\">said<\/a> that it is unable to access user funds without an order signed by users directly.<\/p>\n<p>CoW Swap has not yet responded to Cointelegraph\u2019s request for comment.<\/p>\n<p>Meanwhile, despite the hacks surrounding DeFi, the space has had a prolific start in 2023, according to a report from DappRadar. Data showed that protocols saw significant growth in their total value locked in the month of January.
<\/p>\n<p>In other news, the United Nations also reported that North Korean hackers stole more crypto in 2022 compared with other years. The report estimates that hackers linked to North Korea were responsible for around $630 million to $1 billion in stolen crypto assets last year. <\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/cow-swap-hacker-milks-over-550-bnb-using-solver-exploit\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; CoW Swap hacker milks over 550 BNB using \u2018solver\u2019 exploit &#8220; Decentralized exchange
(DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB (BNB) in a contract exploit that approved fund transfers from the protocol. Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away&#8230;<\/p>\n","protected":false},"author":1,"featured_media":548811,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/a943c615-e914-4aa5-ae95-77cc2fbab003.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,75916,74882,70944],"class_list":["post-548810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-dex","tag-hacks","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/548810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=548810"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/548810\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/548811"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=548810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=548810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=548810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}