Cow Protocol Halts Trading After Frontend Domain Hijack

3 days ago

Cow Swap, a decentralized exchange aggregator built on Cow Protocol, paused its protocol Monday after attackers hijacked the DNS records for its main frontend at swap.cow.fi.

Key Takeaways:

  • Cow Swap’s frontend at swap.cow.fi was hijacked via DNS at 14:54 UTC on April 14, 2026.
  • Cow DAO paused Cow Protocol’s APIs and backend as a precaution, with no confirmed contract-level losses reported.
  • Users who interacted with swap.cow.fi after 14:54 UTC should revoke approvals immediately using revoke.cash.

Cow Swap Pauses Protocol After DNS Hijacking Hits Frontend Domain

The hijack was detected at around 14:54 UTC on April 14, 2026. Cow DAO issued a public warning on X at around 15:41 UTC, advising users to stop interacting with the site entirely while the team investigated.

A follow-up post at 16:24 UTC confirmed the DNS hijacking and noted that Cow Protocol’s backend and APIs were not affected. The team paused those services anyway as a precaution.

DNS hijacking is a well-known attack method in decentralized finance (DeFi). Attackers gain control of domain registrar settings, redirect traffic to a lookalike site, and deploy wallet drainers that trigger malicious transactions when users connect their wallets or sign approvals.

Cow Swap operates as a non-custodial platform, meaning the protocol itself does not hold user funds. Smart contracts and on-chain infrastructure were not touched in this incident. The risk was limited to users who visited the compromised frontend and signed transactions after 14:54 UTC.

Cow DAO posted guidance at 16:33 UTC instructing affected users to revoke any approvals granted after that time. The team pointed to revoke.cash as a tool for doing so.
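The revocation guidance above can be triaged from a wallet's on-chain history. The following is an added example, not code from Cow DAO or revoke.cash: it replays ERC-20 `Approval` logs and returns the allowances last set at or after 14:54 UTC that are still non-zero. The log dictionaries (with a block `timestamp` already joined in) and all addresses are constructed assumptions.

```python
from datetime import datetime, timezone

# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
CUTOFF = datetime(2026, 4, 14, 14, 54, tzinfo=timezone.utc)  # hijack time from the article

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def approvals_to_revoke(logs, owner, cutoff=CUTOFF):
    """Map (token, spender) -> allowance last set at/after cutoff and still non-zero."""
    latest = {}
    for log in sorted(logs, key=lambda e: (e["timestamp"], e["log_index"])):
        topics = [t.lower() for t in log["topics"]]
        # ERC-20 Approval carries 3 topics; ERC-721 Approval has a 4th (tokenId).
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        when = datetime.fromtimestamp(log["timestamp"], tz=timezone.utc)
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = (int(log["data"], 16), when)  # later events overwrite earlier
    return {k: amt for k, (amt, when) in latest.items()
            if amt > 0 and when >= cutoff}

# --- Constructed sample data (placeholder addresses, not from the incident) ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_OLD, SPENDER_NEW = "0x" + "bb" * 20, "0x" + "cc" * 20
T0 = int(CUTOFF.timestamp())

def make_log(ts, idx, token, owner, spender, amount):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "timestamp": ts, "log_index": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(T0 - 3600, 0, TOKEN_A, OWNER, SPENDER_OLD, 2**256 - 1),  # before hijack
    make_log(T0 + 600, 1, TOKEN_A, OWNER, SPENDER_NEW, 2**256 - 1),   # after, still live
    make_log(T0 + 700, 2, TOKEN_B, OWNER, SPENDER_NEW, 1000),         # after ...
    make_log(T0 + 5000, 3, TOKEN_B, OWNER, SPENDER_NEW, 0),           # ... then revoked
    make_log(T0 + 800, 4, TOKEN_A, OTHER, SPENDER_NEW, 500),          # different wallet
]

if __name__ == "__main__":
    print(approvals_to_revoke(SAMPLE_LOGS, OWNER))
```

This covers ERC-20 `Approval` events only; NFT `ApprovalForAll` grants and signed permits that have not yet been submitted on-chain do not appear in this log view and need separate review.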

No large-scale confirmed losses were reported as of late afternoon UTC. Community members flagged isolated suspicious transactions, but there was no evidence of a systemic drain affecting the broader protocol.

Security tool Blockaid flagged swap.cow.fi and related domains, including cow.fi, during the incident window. The team continued monitoring through around 18:15 UTC and asked users with potentially affected transactions to submit their transaction hashes for review.

As of the latest available information, the protocol remained paused, and Cow DAO had not confirmed full restoration or released a post-mortem.

Frontend and DNS attacks have targeted several DeFi protocols in recent months. These incidents typically exploit registrar-level weaknesses, such as social engineering of support staff or compromised two-factor authentication credentials, rather than any flaw in smart contract code.

Cow Protocol is part of the Gnosis ecosystem and uses batch auctions and Coincidence of Wants matching to provide MEV-protected trades. The protocol has processed billions of dollars in volume since launch.

A full post-mortem from Cow DAO is expected once the DNS issue is resolved and the site is confirmed safe to use.
