CoW Swap, a decentralized trading interface, halted its services on Tuesday after detecting a domain name system (DNS) hijacking attack affecting its website.
The team behind the DEX aggregator issued a warning on X, instructing traders to avoid the platform's interface until the security issue is resolved.
According to a post from the CoW Swap team, the attack occurred at 14:54 UTC. While the protocol's backend and APIs were not directly compromised, developers paused both systems as a precaution.
Front-end vulnerability
DNS hijacking allows attackers to redirect users from legitimate domains to malicious lookalike sites. These sites are often used to drain crypto wallets or harvest private user data.
This specific attack vector targets the web front-end layer of DeFi platforms. In these ecosystems, users typically rely on web-based interfaces to interact with otherwise secure smart contracts.
CoW Swap functions as a decentralized exchange aggregator. It sources liquidity across various venues and uses a 'Coincidence of Wants' mechanism to match trades or batch them for execution.
Orders are managed by competing 'solvers' to optimize outcomes and reduce slippage. This design aims to limit exposure to maximal extractable value (MEV), a practice where bots reorder transactions for profit.
"We are now actively working to resolve the situation," the CoW Swap team wrote on X. "Please continue to refrain from using swap dot cow dot fi until we confirm that it is safe to use."
The platform is governed by CoW DAO, a decentralized autonomous organization originating from the Gnosis ecosystem.
