Security firm PeckShield reported that the hacker successfully drained roughly 551 BNB off CoW Swap into Tornado Cash, which was worth around $181,600 at the time of writing.
Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB in a contract exploit that approved fund transfers from the protocol.
Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap. The maximal extractable value (MEV) searcher warned the DEX and its users of the exploit in a Twitter thread.
According to the smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap by a multisig. Then, the address invoked the transaction to approve DAI 
$1.00 to SwapGuard, which led to SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.
Blockchain security firm PeckShield estimated that around 551 BNB was lost, worth $181,600 at the time of writing. After stealing the assets, the hacker moved the funds to the infamous crypto mixer Tornado Cash.
During the attack, some community members panicked and urged users to revoke approvals from the DEX. However, the decentralized finance (DeFi) protocol said this isn’t necessary.
