CoW Swap indicated that attackers had gained control of the website domain that users typically visit before engaging with the protocol. That gave bad actors the opportunity to direct users to a different website where funds could be stolen through the approval of malicious transfers.
Although the compromise didn’t affect CoW Swap’s underlying smart contracts, the protocol appeared to remain frozen three hours after the attack was divulged. Meanwhile, users on Discord reported losses within the project’s official server.
“I don't know what to do anymore,” said one user who claimed that they lost more than $50,000 via CoW Swap’s compromised front end. “I have no money at all.”
Despite apparent frustrations, the scope of losses sustained wasn’t immediately clear.
A pseudonymous member of the CoW Swap team who goes by MooKeeper told Decrypt that reports are actively being investigated and verified. They added that a more complete assessment would be released tomorrow or later this week.
“We have evidence that a small number of users signed malicious approvals for very small amounts,” MooKeeper added.
