CoW Swap Hit by Multisig Attack: 550 BNB Drained

• CoW Swap, a decentralized finance platform, suffered from a multisig attack on its settlement smart contract.
• Blockchain security auditing firms MevRefund and PeckShield confirmed the exploit.
• BlockSec reported that the threat actor was able to trigger the settlement smart contract and drain 550 BNB into Tornado Cash, an anonymity funnel.

CoW Swap Suffers Multisig Attack

CoW Swap, a decentralized finance platform, has suffered a multisig attack on its settlement smart contract. The threat disclosure was first released by MevRefund, a blockchain security researcher and whitehat hacker. Blockchain security auditing firm PeckShield later confirmed the exploit, publicizing the disclosure on Twitter.

Exploit Details

Further details of the exploit were explained by BlockSec, a smart contract auditing firm. According to BlockSec, the threat actor’s wallet address was added as a "solver" of CoW Swap via a multisig. A multisig is a type of crypto-security measure in which more than one party’s cryptographic signature is required to approve a transaction. The attacker then used this access to trigger the settlement smart contract and drain 550 BNB into Tornado Cash, a crypto anonymity funnel that enables users to mask transactions, making it harder for anyone else to trace them.

CoW Swap Response

While CoW Swap has not yet released an official statement on the matter, the protocol’s developers claim that they are already working to fix the vulnerability. The protocol also said that the settlement contract involved in the exploit can only access fees collected within a week’s time, with user funds secure, given that these can only be signed through an order executed by a user. CoW Swap’s team reassured users that their accounts would remain unaffected by the exploit and that they were not required to revoke any prior approvals.

Security Reminders

This incident serves as a reminder for all cryptocurrency investors about the importance of protecting their wallets with strong passwords and two-factor authentication (2FA). Additionally, using wallets with built-in security features such as subaccounts or multi-signature functionality can help enhance account safety even further and reduce the risk of hacks or theft of funds by malicious actors, online or offline, as in this case with the CoW Swap settlement contract.

Disclaimer

This article is provided for informational purposes only and is not offered or intended to be used as legal advice, tax advice, investment advice, financial advice or other forms of advice.
