CoW Swap Announces Attack Incident: Domain Subject to Social Engineering Attack; Control of cow.fi Domain Has Been Regained

CoW Swap announced on X that it has regained control of the cow.fi domain and has been operating normally on cow.finance for some time, with a gradual transition back to the original domain now underway. The official statement explained that on April 14, attackers deceived the DNS registrar with forged documents to seize control of the cow.fi domain. They then deployed a highly realistic phishing site in two stages: first, luring users into signing malicious transactions via a wallet drainer; second, stealing seed phrases and passwords through fake wallet pop-ups. This attack targeted the domain registrar—not CoW Swap’s own infrastructure or private key security. Affected users should revoke all approvals using tools such as Revoke.cash and consider transferring funds to a new wallet.