Scams Radar

Icon-facebook Icon-instagram-1 Tiktok Telegram Whatsapp Youtube Youtube

Incident Overview

CoW Swap DNS attack illustration showing frontend exploit targeting DeFi users through malicious redirection

On April 14, 2026, at approximately 14:54 UTC, CoW Swap’s main frontend domain swap.cow.fi suffered a DNS hijacking. Attackers redirected users to a malicious site designed to steal funds through malicious approvals or transactions. CoW DAO immediately urged users to avoid the platform entirely while they investigated, stating: “We are currently experiencing an issue with the CoW Swap frontend. While we are investigating, please DO NOT use CoW Swap.”

The attack lasted over 90 minutes. CoW DAO confirmed that the backend protocol and APIs were not compromised but were paused as a precaution. The team is working with security experts to regain full control of the domain, which was later locked and made inaccessible. A temporary safe alternative UI was spun up at another URL, but users were warned to exercise extreme caution with any site or account claiming to be CoW Swap.

CoW Swap’s Role in DeFi

CoW Swap is one of Ethereum’s leading DEX aggregators. It finds the best trade routes by comparing multiple DEXs, batches orders via “solvers,” and enables peer-to-peer Coincidence of Wants (CoW) trades to reduce slippage and MEV. It is non-custodial and integrated into major protocols such as Aave and Safe wallet. In the past 30 days, it handled roughly $3.5 billion in volume and has generated about $50 million in lifetime fees. The platform is known for its user-friendly interface and the signature “moo” sound effect on successful trades.

Security Recommendations

CoW DAO strongly advised users who interacted with the site after 14:54 UTC to immediately revoke all token approvals using tools like revoke.cash. No on-chain losses have been confirmed yet, but the frontend nature of the attack means users could have been tricked into signing malicious transactions.

This incident is part of a recurring pattern of frontend/DNS exploits in DeFi (similar to recent attacks on HypurrFi and BONKfun). Smart contracts themselves were unaffected, highlighting that the risk was at the user interface level.

Market Reaction

COW token (the governance token of CoW Protocol) traded at around $0.22, showing a modest +2.5% move amid the news, according to available data. The broader market impact remains limited so far, but the event serves as a reminder of persistent frontend security risks even for well-established DeFi projects.

Reviews:

Leave Your Review Here:

Scams Radar disclaimer highlighting educational purpose, no financial guarantees, risk warnings, and independent opinions.