Cow Swap, a platform that combines multiple decentralized exchanges using Cow Protocol, temporarily stopped operating on Monday. This happened because hackers took control of the website address (DNS records) for its main site, swap.cow.fi.
Key Takeaways:
- Cow Swap’s frontend at swap.cow.fi was hijacked via DNS at 14:54 UTC on April 14, 2026.
- Cow DAO paused Cow Protocol’s APIs and backend as a precaution, with no confirmed contract-level losses reported.
- Users who interacted with swap.cow.fi after 14:54 UTC should revoke approvals immediately using revoke.cash.
Cow Swap Pauses Protocol After DNS Hijacking Hits Frontend Domain
The hijack was detected at approximately 14:54 UTC on April 14, 2026. Cow DAO issued a public warning on X at roughly 15:41 UTC, advising users to stop interacting with the site entirely while the team investigated.
An update at 4:24 PM UTC verified that the DNS system had been compromised, but confirmed that Cow Protocol’s core services and APIs remained secure. As a safety measure, the team temporarily shut down those services.
DNS hijacking is a well-known attack method in decentralized finance ( DeFi). Attackers gain control of domain registrar settings, redirect traffic to a lookalike site, and deploy wallet drainers that trigger malicious transactions when users connect their wallets or sign approvals.
Cow Swap operates as a non-custodial platform, meaning the protocol itself does not hold user funds. Smart contracts and on-chain infrastructure were not touched in this incident. The risk was limited to users who visited the compromised frontend and signed transactions after 14:54 UTC.
Cow DAO posted guidance at 16:33 UTC instructing affected users to revoke any approvals granted after that time. The team pointed to revoke.cash as a tool for doing so.
As of late afternoon UTC, no major losses had been confirmed. While some community members noticed a few unusual transactions, there was no sign of a widespread problem with the overall system.
Security tool Blockaid flagged swap.cow.fi and related domains, including cow.fi during the incident window. The team continued monitoring through approximately 18:15 UTC and asked users with potentially affected transactions to submit their transaction hashes for review.
As of the latest available information, the protocol remained paused, and Cow DAO had not confirmed full restoration or released a post-mortem.
Frontend and DNS attacks have targeted several DeFi protocols in recent months. These incidents typically exploit registrar-level weaknesses, such as social engineering support staff or compromised two-factor authentication credentials, rather than any flaw in smart contract code.
Cow Protocol is part of the Gnosis ecosystem and uses batch auctions and Coincidence of Wants matching to provide MEV-protected trades. The protocol has processed billions of dollars in volume since launch.
A full post-mortem from Cow DAO is expected once the DNS issue is resolved and the site is confirmed safe to use.
Read More
- Kagurabachi Chapter 118 Release Date, Time & Where to Read Manga
- Annulus redeem codes and how to use them (April 2026)
- The Division Resurgence Best Weapon Guide: Tier List, Gear Breakdown, and Farming Guide
- Gold Rate Forecast
- Last Furry: Survival redeem codes and how to use them (April 2026)
- Gear Defenders redeem codes and how to use them (April 2026)
- Silver Rate Forecast
- Clash of Clans Sound of Clash Event for April 2026: Details, How to Progress, Rewards and more
- Total Football free codes and how to redeem them (March 2026)
- Simon Baker’s ex-wife left ‘shocked and confused’ by rumours he is ‘enjoying a romance’ with Nicole Kidman after being friends with the Hollywood star for 40 years
2026-04-14 21:57