CoW Swap Halts Services Following DNS Hijack Security Breach

- CoW Swap, a prominent decentralized exchange aggregator, reported a front-end security breach on April 14.
- The protocol’s governing DAO has paused services and warned users to avoid the cow.fi domain entirely.
- Security firm Blockaid confirmed a DNS hijack, prompting advisories for users to immediately revoke token approvals.

CoW Swap, a decentralized exchange aggregator that batches trades to optimize pricing, has instructed its users to avoid its official website following a security breach on April 14. The protocol’s decentralized autonomous organization (DAO) paused services and issued a warning explicitly telling users to stay away from the cow.fi domain while the incident is investigated.
The directive to avoid the domain follows confirmation that the compromise sits at the front-end level. Web3 security firm Blockaid flagged the platform’s main interface as malicious, identifying the incident as a suspected Domain Name System (DNS) hijack.
When a decentralized application’s front-end is compromised via a DNS hijack, the underlying smart contracts on the blockchain remain secure, but the interface used to interact with them is altered. Malicious actors manipulate the web interface to route user approvals and token transfers to attacker-controlled wallets instead of the legitimate protocol contracts.
Users who connect their web3 wallets to a compromised interface risk signing malicious transactions that can drain their holdings. Security analysts and community members have urged users not to sign any new transactions and to immediately revoke existing token approvals tied to the protocol to prevent unauthorized withdrawals.
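
A check that a wallet or reviewer can run before signing, given here as an added example that is not part of the original article or of CoW Swap's code: it decodes ERC-20 approve, increaseAllowance and transfer calldata and blocks any call whose spender or recipient is not on an allowlist. The allowlist entry and the unlisted address are constructed placeholders, and the function names and the block-unless-listed policy are assumptions of this example.

```javascript
// Added example: check ERC-20 calldata before signing. All addresses are constructed placeholders.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "39509351": "increaseAllowance", // increaseAllowance(address spender, uint256 addedValue)
  "a9059cbb": "transfer",          // transfer(address to, uint256 amount)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Placeholder for the protocol's published spender contract (not a real address).
const TRUSTED_SPENDERS = ["0x" + "11".repeat(20)];
// Placeholder for an address the protocol has never published.
const UNLISTED = "0x" + "ab".repeat(20);

// Build approve() calldata for the constructed samples below.
function encodeApprove(spender, amount) {
  return "0x095ea7b3" + spender.slice(2).toLowerCase().padStart(64, "0") +
    amount.toString(16).padStart(64, "0");
}

// Decode the call and decide whether the wallet should let the user sign it.
function inspectCalldata(calldata, trustedSpenders) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { verdict: "unknown-call", reason: "not an ERC-20 approve/transfer" };
  // Expect the 4-byte selector plus exactly two 32-byte ABI words.
  if (!/^[0-9a-f]{136}$/.test(hex)) return { verdict: "block", fn, reason: "malformed calldata" };
  const word0 = hex.slice(8, 72);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!word0.startsWith("0".repeat(24))) return { verdict: "block", fn, reason: "bad address padding" };
  const counterparty = "0x" + word0.slice(24);
  const unlimited = BigInt("0x" + hex.slice(72, 136)) === MAX_UINT256;
  const trusted = trustedSpenders.some((a) => a.toLowerCase() === counterparty);
  return {
    verdict: trusted ? "allow" : "block",
    fn, counterparty, unlimited,
    reason: trusted ? "counterparty on allowlist" : "counterparty not on allowlist",
  };
}

// Constructed samples: a bounded approval to the listed spender, and an
// unlimited approval whose spender is not one of the protocol's contracts.
console.log(inspectCalldata(encodeApprove(TRUSTED_SPENDERS[0], 1000n), TRUSTED_SPENDERS));
console.log(inspectCalldata(encodeApprove(UNLISTED, MAX_UINT256), TRUSTED_SPENDERS));
```

Typed-data signatures such as permits never appear as transaction calldata, so they need a separate check.
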
Because the on-chain contracts remain intact, the incident poses a direct threat to individual user wallets rather than creating protocol-level insolvency. Market analysts tracking the event noted that the breach creates immediate user-level sell and withdrawal pressure.
Activity involving the protocol’s web interface remains halted pending further updates and domain recovery from the CoW Swap development team. The incident reflects a broader, ongoing trend of DeFi front-end and DNS attacks targeting user devices, even when the foundational code remains uncompromised.