On February 7th, 2023, CoW Swap was hacked, and digital assets worth around $166,000 were stolen, primarily in DAI & USDT. Cyvers, with our recent breakthrough in blockchain cybersecurity, has developed an algorithm that detects hackers before they can deploy their malicious contracts.
In this article, we analyze the Ethereum side of the hack: CoW Swap's GPv2Settlement contract. We also examine how the Cyvers algorithm works and why it is a game-changer in web3 security.
CoW Swap is a decentralized exchange that uses an automated market maker (AMM) model to facilitate trades. Hackers exploited a vulnerability in the platform's smart contract. The hack was alarming for CoW Swap, resulting in financial losses and causing reputational damage. In addition, the incident raised concerns about blockchain platforms' security and susceptibility to cyberattacks.
As seen in the flow analysis above, the hack included bridging from the Ethereum network to the Binance Smart Chain and various smart contract interactions. The hacker wallets/contracts are marked in red.
Unlike most monitoring solutions, which only label wallets that received funding directly from Tornado Cash, Cyvers' algorithm labels wallets and entities that received funds from mixers, even at hop 10 in the graph. This allowed us to label the CoW exploiter addresses used in the preparation phase, including detecting the malicious contract and, later, the exploitation transactions. As a result, we were alerted to the activity early on.
Cyvers' algorithm uses graph algorithms to analyze blockchain data and detect patterns that may indicate malicious activity. First, the algorithm creates a graph of transactions and entities and analyzes their relationships. The graph represents a network of transactions and entities, and each node in the graph represents a wallet address. Next, the algorithm analyzes the graph to identify patterns of activity that may indicate potential hacking attempts and interactions with mixer services. It does this by looking at the relationships between wallets, such as the flow of funds and the frequency of transactions.
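The multi-hop mixer labeling described above can be sketched as a bounded breadth-first search over a transfer graph. This is an added example, not Cyvers' algorithm or code: the transfer tuple format, the dust threshold `min_amount`, the function names and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_HOPS = 10  # hop depth mentioned in the article

# Constructed sample data: (sender, receiver, amount). All names are placeholders.
MIXERS = {"mixer_pool"}
TRANSFERS = [
    ("mixer_pool", "w1", 10.0),
    ("w1", "w2", 9.9),
    ("w2", "w3", 9.8),
    ("w3", "deployer", 9.7),
    ("w1", "dusted_user", 0.0001),   # dust: should not taint the receiver
    ("exchange", "user_a", 5.0),     # unrelated flow
    ("user_a", "user_b", 4.0),
]


def label_mixer_descendants(transfers, mixers, max_hops=MAX_HOPS, min_amount=0.01):
    """Breadth-first search outward from mixer addresses.

    Returns {address: path}, where path is the shortest chain of addresses
    from a mixer to that address; len(path) - 1 is the hop count.
    """
    out_edges = defaultdict(list)
    for sender, receiver, amount in transfers:
        if amount >= min_amount:          # ignore dust to limit false positives
            out_edges[sender].append(receiver)

    labels = {}
    seen = set(mixers)
    queue = deque((m,) for m in mixers)
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= max_hops:     # hop budget exhausted on this branch
            continue
        for receiver in out_edges[path[-1]]:
            if receiver not in seen:      # BFS: first visit is the shortest path
                seen.add(receiver)
                labels[receiver] = path + (receiver,)
                queue.append(labels[receiver])
    return labels


def check_deployer(address, labels):
    """Return an alert dict if a contract deployer is mixer-funded, else None."""
    path = labels.get(address)
    if path is None:
        return None
    return {"address": address, "hops": len(path) - 1, "path": list(path)}


if __name__ == "__main__":
    print(check_deployer("deployer", label_mixer_descendants(TRANSFERS, MIXERS)))
```

This sketch ignores transaction timestamps; a production labeler would also need to follow only transfers that occur after the tainted funds arrived.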
Cyvers' graph algorithm is a game-changer in web3 security because it can detect potential hackers before they can deploy their malicious contracts. By analyzing blockchain data in real time, the algorithm can identify patterns of activity that may indicate potential hacking attempts. This allows companies to take preventive measures and stop attacks before they occur. For example, the algorithm can detect wallets and entities that received funds from mixers, even at hop 10 in the graph, making it much more effective than other monitoring solutions. This is exactly how we detected the CoW hack even before the deployment of a malicious contract!
The recent hack at CoW Swap highlights the need for better blockchain security.
Cyvers' breakthrough algorithm shows that it is possible to detect potential hackers before they can deploy their malicious contracts. Companies can now take preventive measures to protect their assets and their reputation. Cyvers is committed to staying ahead of cybercriminals and keeping our clients safe from potential attacks. This is next-generation Web3 security. Take active measures and try out our solution.