- CoWSwap’s GPv2settlement contract spoofed to validate SwapGuard for DAI spending.
- MevRefund warns against using CoWSwap.
- CoWSwap launches an inquiry and takes preventative measures.
Peckshield, a blockchain security and data analytics firm, reports that someone spoofed CoWSwap’s GPv2settlement contract ten days ago into validating SwapGuard for DAI spending. Later, SwapGuard was activated to move DAI out of GPv2Settlement.
It seems (1) @CoWSwap‘s GPv2Settlement contract has been tricked 10 days ago to approve SwapGuard for DAI spending and (2) SwapGuard was just triggered to transfer out DAI from GPv2Settlement. Here are the two related txs: https://t.co/Tb8Sk5xqMR and https://t.co/JS7ejDhiAs https://t.co/Wpbeq4UoEP pic.twitter.com/oRWIzeOLzz
— PeckShield Inc. (@peckshield) February 7, 2023
Peckshield continued by saying that the attacker transferred DAI tokens from GPv2Settlement using two wallet addresses. An estimated $180,000 was taken advantage of by the exploiter.
Notably, blockchain expert MevRefund has warned against using CoWSWap until the issue is resolved since the exploiter is still active.
As a result of the occurrence, CoWSwap launched an inquiry into the situation and implemented steps to avoid similar events from occurring in the future. The group also promises to collaborate with the DeFi community to find and fix security holes in the GPv2Settlement contract.
Despite the swift action taken by CoWSwap, the incident has highlighted the importance of responsible token management and the need for DeFi projects to stay vigilant.
It is also important to know that CowSwap is an exchange platform based on Gnosis Protocol version 2. It’s a relatively recent DEX that matches and executes orders using “Coincidence of Wants” as one of its components.
The network made headlines the previous year when it announced the COW token airdrop. This also helped the connected Gnosis chain and its token. After the announcement, the GNO token rose by almost 50%.