Gate News message, April 15 — CoW Swap suspended its protocol yesterday (April 14) after attackers hijacked the DNS records of swap.cow.fi at 14:54 UTC, redirecting users to a malicious frontend that drained at least $1 million in crypto assets within three hours. Cow DAO issued a public warning at 15:41 UTC and confirmed the DNS compromise at 16:24 UTC.
On-chain data shows the attack intercepted at least $1 million, including 219 ETH from a single wallet. The exploit targeted the domain at the registrar level, cloning the interface to trick users into approving wallet-draining transactions. Smart contracts and backend systems were not compromised, but the protocol remained offline as a precaution.
Cow DAO instructed affected users at 16:33 UTC to revoke token approvals via revoke.cash. Security firm Blockaid flagged the malicious domains during the incident. CoW Swap, part of the Gnosis ecosystem, uses batch auctions and Coincidence of Wants matching to process trades. No timeline for service restoration has been announced.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Lattice Announces Shutdown: Redstone Will Close on May 16, Users Must Withdraw by the Deadline
Gaming infrastructure developer Lattice announced it will shut down on May 15 and reminded users to withdraw their funds. After the shutdown, contract funds cannot be withdrawn through L1 contracts; only funds in personal wallets can be recovered. Over the past five years, Lattice has failed to realize its business model and ultimately decided to close, but its MUD framework and DUST game will continue to run.
MarketWhisper3h ago
User Loses $316K USDC After Signing Malicious Permit2 Transaction, GoPlus Warns
A user lost $316,000 in USDC due to a malicious Permit2 transaction, highlighting vulnerabilities in token approval mechanisms. GoPlus Security urges users to avoid phishing by following key security practices and installing its protective extension.
GateNews4h ago
Cow Protocol suffers a DNS hijacking; users must immediately revoke permissions
Cow Swap, a DEX aggregation platform built by Cow Protocol, suffered DNS hijacking on April 14. The attacker tampered with domain name records, redirecting user traffic to a spoofed website, and deployed a wallet-draining script. Cow DAO immediately paused the service and advised users to revoke approvals. This incident did not affect the protocol’s smart contracts, but users should remain alert to related risks and verify their transaction records.
MarketWhisper5h ago
CoW Swap Issues Security Alert After Frontend Attack Detected by Blockaid
Blockaid has identified a frontend attack on CoW Swap, marking its domain as malicious. Users are advised to cease interactions, revoke wallet authorizations, and await further updates from the CoW Swap team.
GateNews10h ago
The Ethereum Foundation uses it too! The CoW Swap frontend was hacked, and DeFi leaders advise revoking approvals
The Ethereum DeFi platform CoW Swap experienced DNS hijacking on April 14, which may put users at risk of phishing. Although the protocol itself was not compromised, the risk of frontend attacks remains high. The industry recommends that users revoke approvals before taking any future actions. CoW Swap offers batch transaction functionality and protects against MEV attacks, and its security incident may affect the entire DeFi ecosystem.
ChainNewsAbmedia11h ago
