Hackers have hit CoW Swap with a major cyberattack, leading to 550 BNB in stolen funds.
Contract exploits from cybercriminals stole funds from the decentralised exchange (DEX) protocol. This triggered the platform’s maximal extractable value (MEV) searcher and posted the alerts on a Twitter thread.
Smart contract auditing firm BlockSec found that the exploit added a wallet address as a “solver” with a multisig. The address later attempted to approve DAI tokens to SwapGuard. The latter transferred DAI from the CoW Swap settlement contract to the subsequent addresses.
According to blockchain cybersecurity company PeckShied, hackers stole roughly 551 BNB totalling $181,600 to date. They later transferred the stolen money to the cryptocurrency mixer Tornado Cash.
News of the theft sparked outcry from community members, who demanded users revoke the DEX’s approvals.
News of the cyberattacks comes at a time when criminals are set to continue 2022’s trends this year. A CertiK report found that last year was the worst for the crypto industry. Losses topped roughly $3.7 billion using hacks, platform exploits, and scams.