CoW Swap Halts Trading After DNS Hijack Redirects Users to Malicious Site

CoW Swap suffered a DNS hijacking attack on April 14, 2026, that forced the platform to halt operations.

“Popular DeFi platform warns users to stay away from its site after security breach The team that helps operate the platform, CoW Swap, said that it was working to resolve the issue for the DEX aggregator”

@coindesk

The attack occurred at 14:54 UTC when the project's domain was compromised, redirecting users to a malicious lookalike site.

@coindesk

The protocol's backend and smart contracts were not directly compromised, but were paused as a precaution.

The incident highlights persistent security risks around web front-ends in DeFi platforms.

CoW Swap operates as a decentralized exchange aggregator using a Coincidence of Wants mechanism.

The platform is governed by CoW DAO, spun out of the Gnosis ecosystem.

CoW DAO issued a public warning urging users to avoid interacting with swap.cow.fi.

Security firm Blockaid flagged the CoW Swap interface as malicious.

Bitcoin News

Users were prompted to revoke all approvals made after 14:54 UTC using tools like revoke.cash.

Other DeFi teams, such as Aave, took precautionary measures.

The attack vector has become a persistent weak point in decentralized finance.

The incident occurred amid a broader wave of Web3 hacks.

The COW token traded at approximately $0.2201 with a market cap of around $121.7 million.

“Popular DeFi platform warns users to stay away from its site after security breach The team that helps operate the platform, CoW Swap, said that it was working to resolve the issue for the DEX aggregator”

CoinDesk

The platform had processed roughly $3.5 billion in trading volume over the past 30 days.

CoW Swap has been integrated with key Ethereum-based applications including Safe and Aave.

The incident revived scrutiny of CoW Swap's governance.

The team has not yet confirmed full restoration or released a post-mortem.