News Heat Trend
Project Overview
CowSwap is a DEX aggregator that allows traders to trade with MEV protection. CoW Protocol matches trades via batch auctions for a variety of on-chain liquidity sources, resulting in better prices for individual traders and offering big savings in terms of gas fees optimization and liquidity provider fees.
CoW Swap Releases Post-Mortem Report on Attack: cow.fi Domain Hijacking Resulted from Supply Chain Attack on Registration Pipeline; Preliminary Estimate of User Losses Is Approximately $1.2 Million
According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers exploited social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure—including services hosted on AWS and Vercel—remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures—including RegistryLock—and the team has launched external security audits, legal proceedings against the perpetrators, and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.
Cowswap Frontend Attacked—Do Not Interact
According to official reports, the Blockaid system has detected a front-end attack targeting Cowswap, and the website COW[.]FI has been flagged as malicious. If your wallet is connected, immediately revoke permissions and avoid any interaction with this DApp.
Related news
CoW Swap Releases Post-Mortem Report on Attack: cow.fi Domain Hijacking Resulted from Supply Chain Attack on Registration Pipeline; Preliminary Estimate of User Losses Is Approximately $1.2 Million
According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers exploited social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure—including services hosted on AWS and Vercel—remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures—including RegistryLock—and the team has launched external security audits, legal proceedings against the perpetrators, and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.
Cowswap Frontend Attacked—Do Not Interact
According to official reports, the Blockaid system has detected a front-end attack targeting Cowswap, and the website COW[.]FI has been flagged as malicious. If your wallet is connected, immediately revoke permissions and avoid any interaction with this DApp.