• Cow Swap’s frontend at swap.cow.fi was hijacked via DNS at 14:54 UTC on April 14, 2026.
• Cow DAO paused Cow Protocol’s APIs and backend as a precaution, with no confirmed contract-level losses reported.
• Users who interacted with swap.cow.fi after 14:54 UTC should revoke approvals immediately using revoke.cash.

The hijack was detected at approximately 14:54 UTC on April 14, 2026. Cow DAO issued a public warning on X at roughly 15:41 UTC, advising users to stop interacting with the site entirely while the team investigated.

A follow-up post at 16:24 UTC confirmed the DNS hijacking and noted that Cow Protocol’s backend and APIs were not affected. The team paused those services anyway as a precaution.

DNS hijacking is a well-known attack method in decentralized finance ( DeFi). Attackers gain control of domain registrar settings, redirect traffic to a lookalike site, and deploy wallet drainers that trigger malicious transactions when users connect their wallets or sign approvals.

Cow Swap operates as a non-custodial platform, meaning the protocol itself does not hold user funds. Smart contracts and on-chain infrastructure were not touched in this incident. The risk was limited to users who visited the compromised frontend and signed transactions after 14:54 UTC.

Cow DAO posted guidance at 16:33 UTC instructing affected users to revoke any approvals granted after that time. The team pointed to revoke.cash as a tool for doing so.

No large-scale confirmed losses were reported as of late afternoon UTC. Community members flagged isolated suspicious transactions, but there was no evidence of a systemic drain affecting the broader protocol.

Security tool Blockaid flagged swap.cow.fi and related domains, including cow.fi during the incident window. The team continued monitoring through approximately 18:15 UTC and asked users with potentially affected transactions to submit their transaction hashes for review.

As of the latest available information, the protocol remained paused, and Cow DAO had not confirmed full restoration or released a post-mortem.

Frontend and DNS attacks have targeted several DeFi protocols in recent months. These incidents typically exploit registrar-level weaknesses, such as social engineering support staff or compromised two-factor authentication credentials, rather than any flaw in smart contract code.

Cow Protocol is part of the Gnosis ecosystem and uses batch auctions and Coincidence of Wants matching to provide MEV-protected trades. The protocol has processed billions of dollars in volume since launch.

A full post-mortem from Cow DAO is expected once the DNS issue is resolved and the site is confirmed safe to use.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。