Cow Swap, a platform that combines multiple decentralized exchanges using Cow Protocol, temporarily stopped operating on Monday. This happened because hackers took control of the website address (DNS records) for its main site, swap.cow.fi.
Key Takeaways:
- Cow Swap’s frontend at swap.cow.fi was hijacked via DNS at 14:54 UTC on April 14, 2026.
- Cow DAO paused Cow Protocol’s APIs and backend as a precaution, with no confirmed contract-level losses reported.
- Users who interacted with swap.cow.fi after 14:54 UTC should revoke approvals immediately using revoke.cash.
Cow Swap Pauses Protocol After DNS Hijacking Hits Frontend Domain
The hijack was detected at approximately 14:54 UTC on April 14, 2026. Cow DAO issued a public warning on X at roughly 15:41 UTC, advising users to stop interacting with the site entirely while the team investigated.
An update at 4:24 PM UTC verified that the DNS system had been compromised, but confirmed that Cow Protocol’s core services and APIs remained secure. As a safety measure, the team temporarily shut down those services.
DNS hijacking is a well-known attack method in decentralized finance ( DeFi). Attackers gain control of domain registrar settings, redirect traffic to a lookalike site, and deploy wallet drainers that trigger malicious transactions when users connect their wallets or sign approvals.
Cow Swap operates as a non-custodial platform, meaning the protocol itself does not hold user funds. Smart contracts and on-chain infrastructure were not touched in this incident. The risk was limited to users who visited the compromised frontend and signed transactions after 14:54 UTC.
Cow DAO posted guidance at 16:33 UTC instructing affected users to revoke any approvals granted after that time. The team pointed to revoke.cash as a tool for doing so.
As of late afternoon UTC, no major losses had been confirmed. While some community members noticed a few unusual transactions, there was no sign of a widespread problem with the overall system.
Security tool Blockaid flagged swap.cow.fi and related domains, including cow.fi during the incident window. The team continued monitoring through approximately 18:15 UTC and asked users with potentially affected transactions to submit their transaction hashes for review.
As of the latest available information, the protocol remained paused, and Cow DAO had not confirmed full restoration or released a post-mortem.
Frontend and DNS attacks have targeted several DeFi protocols in recent months. These incidents typically exploit registrar-level weaknesses, such as social engineering support staff or compromised two-factor authentication credentials, rather than any flaw in smart contract code.
Cow Protocol is part of the Gnosis ecosystem and uses batch auctions and Coincidence of Wants matching to provide MEV-protected trades. The protocol has processed billions of dollars in volume since launch.
A full post-mortem from Cow DAO is expected once the DNS issue is resolved and the site is confirmed safe to use.
Read More
- Last Furry: Survival redeem codes and how to use them (April 2026)
- Gear Defenders redeem codes and how to use them (April 2026)
- Clash of Clans “Clash vs Skeleton” Event for May 2026: Details, How to Progress, Rewards and more
- Neverness to Everness Hotori Build Guide: Kit, Best Arcs, Console, Teams and more
- Clash of Clans May 2026: List of Weekly Events, Challenges, and Rewards
- Brawl Stars Damian Guide: Attacks, Star Power, Gadgets, Hypercharge, Gears and more
- Neverness to Everness City Tycoon Guide: How to Unlock, Level Up, Rewards, and Benefits
- Total Football free codes and how to redeem them (March 2026)
- Neverness to Everness Daffodil Build Guide: Kit, Best Arcs, Console, Teams and more
- Clash Royale Season 83 May 2026 Update and Balance Changes
2026-04-14 21:57