CoW DAO, the organization behind the CoW Swap decentralized exchange aggregator, issued an emergency warning to users on Tuesday after its website fell victim to a DNS hijacking attack.
At approximately 14:54 UTC, attackers compromised the project’s frontend domain, swap.cow.fi. The CoW DAO team immediately took to X to alert the community.
"We are currently experiencing an issue with the CoW Swap frontend (http://swap.cow.fi). While we are investigating, please DO NOT use CoW Swap," the team wrote.
While the frontend was compromised, the developers confirmed that the protocol's backend and APIs remained secure. However, the team temporarily paused services as a precautionary measure.
Users have been advised to revoke all token approvals made on the platform after the 14:54 UTC timestamp using tools such as revoke.cash. It is currently unclear if any user funds were directly compromised during the hijacking.
Critical infrastructure at risk
CoW Swap serves as a vital component of the Ethereum ecosystem, integrating with major protocols including Aave and the Safe wallet. The platform uses a "Coincidence of Wants" model to facilitate peer-to-peer trades without intermediaries.
According to DeFiLlama, the aggregator processed roughly $3.5 billion in volume over the last 30 days. The protocol has generated approximately $50 million in lifetime fees.
This incident is the latest in a string of recent frontend exploits targeting DeFi protocols. Earlier this month, HypurrFi reported a similar phishing-based takeover, and the BONKfun domain was compromised last month.
CoW DAO stated they are actively working to resolve the situation and urged users to refrain from using the site until a formal safety confirmation is issued.
