Cow Swap, a platform that combines multiple decentralized exchanges using Cow Protocol, temporarily stopped operating on Monday. This happened because hackers took control of the website address (DNS records) for its main site, swap.cow.fi.
Key Takeaways:
- Cow Swap’s frontend at swap.cow.fi was hijacked via DNS at 14:54 UTC on April 14, 2026.
- Cow DAO paused Cow Protocol’s APIs and backend as a precaution, with no confirmed contract-level losses reported.
- Users who interacted with swap.cow.fi after 14:54 UTC should revoke approvals immediately using revoke.cash.
Cow Swap Pauses Protocol After DNS Hijacking Hits Frontend Domain
The hijack was detected at approximately 14:54 UTC on April 14, 2026. Cow DAO issued a public warning on X at roughly 15:41 UTC, advising users to stop interacting with the site entirely while the team investigated.
An update at 4:24 PM UTC verified that the DNS system had been compromised, but confirmed that Cow Protocol’s core services and APIs remained secure. As a safety measure, the team temporarily shut down those services.
DNS hijacking is a well-known attack method in decentralized finance ( DeFi). Attackers gain control of domain registrar settings, redirect traffic to a lookalike site, and deploy wallet drainers that trigger malicious transactions when users connect their wallets or sign approvals.
Cow Swap operates as a non-custodial platform, meaning the protocol itself does not hold user funds. Smart contracts and on-chain infrastructure were not touched in this incident. The risk was limited to users who visited the compromised frontend and signed transactions after 14:54 UTC.
Cow DAO posted guidance at 16:33 UTC instructing affected users to revoke any approvals granted after that time. The team pointed to revoke.cash as a tool for doing so.
As of late afternoon UTC, no major losses had been confirmed. While some community members noticed a few unusual transactions, there was no sign of a widespread problem with the overall system.
Security tool Blockaid flagged swap.cow.fi and related domains, including cow.fi during the incident window. The team continued monitoring through approximately 18:15 UTC and asked users with potentially affected transactions to submit their transaction hashes for review.
As of the latest available information, the protocol remained paused, and Cow DAO had not confirmed full restoration or released a post-mortem.
Frontend and DNS attacks have targeted several DeFi protocols in recent months. These incidents typically exploit registrar-level weaknesses, such as social engineering support staff or compromised two-factor authentication credentials, rather than any flaw in smart contract code.
Cow Protocol is part of the Gnosis ecosystem and uses batch auctions and Coincidence of Wants matching to provide MEV-protected trades. The protocol has processed billions of dollars in volume since launch.
A full post-mortem from Cow DAO is expected once the DNS issue is resolved and the site is confirmed safe to use.
Read More
- Top 5 Best New Mobile Games to play in May 2026
- Yummy Tteokbokki ASMR redeem codes and how to use them (May 2026)
- Supercell’s “neo mo.co” update set for the Summer of 2026 and this might save the game
- The SATISFY x adidas Adizero Adios Pro 4 Debuts in Three Earthy Colorways
- Honor of Kings x Attack on Titan Collab Skins: All Skins, Price, and Availability
- These Cartoon Reboots Totally Missed the Point of the Originals (& Went Downhill Fast)
- FC Mobile 26 TOTS (Team of the Season) event Guide and Tips
- Last Furry: Survival redeem codes and how to use them (April 2026)
- Honkai: Star Rail Silver Wolf Lv. 999 Build Guide: Best Relics, Light Cone, Team Comps, and more
- Clash of Clans May 2026: List of Weekly Events, Challenges, and Rewards
2026-04-14 21:57