CoW Swap was hacked for a total of $166,000, malicious contracts have been revoked, and user funds are safe.
Hackers Targeting "Solver" Vulnerability
For trades matched against external on-chain liquidity, GPv2 introduces the concept of a "searcher solver": a third-party tool integrated with the protocol that competes with other parties to find the best trades on the chain.
Transactions on CoW Swap incur a fee, a portion of which goes to the solver. Each solver can access the settlement contract, where transaction fees from the past week are usually stored.
CoW Swap Hack Incident
On the evening of 2/7, hackers depleted the funds in the settlement contract through the solver. According to the analysis report released by CoW Swap, a new solver had joined the "solver competition."
After being whitelisted, the Barter Solver contract was exploited by hackers who had a deep understanding of its operation. They waited until the last day for the solver to calculate fee sharing before launching the attack, siphoning off a total of $166,000.
The Barter Solver team has revoked the related malicious contract, and CoW Swap emphasized that user funds are safe because they never custody user assets. They will decide whether to allow Barter Solver back into the competition and have also apologized for the panic caused.