0:00
0:00
Subscribe to Bankless or sign in
CoW Swap, one of Ethereum's most-used DEX aggregators, was hit by a DNS hijacking today that redirected swap.cow.fi to a malicious site. At the time of this article's writing, the issue was still active.
What's the Scoop?
- The Attack: Earlier this morning, CoW Swap's frontend domain was taken over by attackers who redirected visitors to a phishing site. The underlying CoW Protocol smart contracts were not compromised, though the team temporarily paused them as a precaution.
- User Risk: Anyone who visited the frontend after 14:54 UTC and connected a wallet or signed approvals may have been exposed. CoW DAO is urging affected users to immediately revoke any approvals made during that window using tools like revoke.cash, and to avoid the site until an official all-clear is issued.
- Why It Matters: CoW Swap is a significant piece of Ethereum's DeFi ecosystem, processing billions of dollars in monthly DEX aggregator volume and integrated into major protocols including
Aave and Safe. DNS hijacking attacks on crypto frontends have become increasingly common, suggesting more defensive practices are needed here.
Users should revoke all approvals made on CoW Swap after 14:54 UTC today. Tools like https://t.co/CGNBLppgWS make this easy to do. https://t.co/JNEUaTcuVd
— CoW DAO (@CoWSwap) April 14, 2026
