News linked to both this project and an event.
CoW Swap announced on X that it has regained control of the cow.fi domain and has been operating normally on cow.finance for some time, with a gradual transition back to the original domain now underway. The official statement explained that on April 14, attackers deceived the DNS registrar with forged documents to seize control of the cow.fi domain. They then deployed a highly realistic phishing site in two stages: first, luring users into signing malicious transactions via a wallet drainer; second, stealing seed phrases and passwords through fake wallet pop-ups. This attack targeted the domain registrar—not CoW Swap’s own infrastructure or private key security. Affected users should revoke all approvals using tools such as Revoke.cash and consider transferring funds to a new wallet.
The token permission checker Revoke.cash has launched a portal to identify addresses affected by CoW Swap. Users can enter an address in the portal to check whether it is impacted by unrevoked approvals. Earlier, CoW Swap’s Technical Lead Felix Leupold tweeted that CoW Swap’s frontend has been restored and is now accessible at swap.cow.finance. He reminded users that approvals were only granted to the original GPv2VaultRelayer contract address.