tradingkey.logo
tradingkey.logo
Search

CoW Swap reports a DNS attack, advising all traders not to interact with the protocol

CryptopolitanApr 14, 2026 7:55 PM
facebooktwitterlinkedin
View all comments0

CoW Swap reported frontend problems and a DNS hijacking. The protocol called all traders to revoke permissions and avoid losing assets from connected wallets. 

CoW Swap, one of the leading DEX trading routing protocols, reported frontend problems. Later, the issue turned out to be a malicious DNS hijacking, allowing bad actors to exploit trader wallets. 

The protocol team discovered a DNS hijacking from 14:54 UTC, with the attack lasting over 90 minutes. The backend and APIs were not affected, but the entire routing app was paused. 

CoW Swap advised all traders to stop using the main site until further notice. 

DNS hijacking is extremely risky for Web3, as the attack can go unnoticed and drain connected wallets. The CoW Swap frontend is one of the trusted links to DEX trading, which could steal funds even without a backend exploit. 

Within three hours of the attack, the compromised site led to $1M in stolen funds. One of the flagged addresses managed to intercept 219 ETH from a trader’s wallet. The exact size of the exploit depends on how many more wallets interact with the protocol, and if permission has exposed a whale wallet.

How does a DNS attack affect CoW Swap users? 

The CoW Swap official address was compromised at the domain level, affecting anyone who used the site as an entry point. 

Swap.cow dot fi could be redirecting users to a malicious site, which can then be used to extract wallet credentials, permissions, or even seed phrases from users. The site could have been compromised at a deeper level, allowing it to redirect traffic to a malicious web server. 

Users still see the official address, which looks legitimate. The Cow Swap contracts are not affected, and the APIs are still usable in theory, but the protocol team warned against using the app until it is deemed safe. 

For recent interactions, the best action is to revoke all permissions made through the site, using services like Revoke Cash. Traders can use the service to check the list of wallet permissions and disconnect all unknown connections or CoW Protocol permissions. 

Cow Protocol attack reveals another Web3 weakness

Cow Swap has been one of the main hubs for Web3 trading. The router handled around $3.8B in volumes for March and around $1.22B in April to date. Weekly volumes have established a baseline of around $700M. 

The protocol is the most active router for the best DEX pricing, used widely on EVM-compatible chains. Cow Protocol is active on Ethereum, Gnosis, Arbitrum, Base, Polygon, Avalanche, and Lens Network. In recent months, CoW Protocol has been more widely used for BNB Chain trading. 

CoW Swap experienced DNS hijacking
CoW Protocol emerged as the leading DEX aggregator, after a recent growth of activity on BNB Chain. | Source: Dune Analytics

The recent DNS attack follows a series of Web3 attempts, often resulting in significant losses. The case gained additional attention after the recent Drift Protocol hack. Web3 attacks are becoming more common, leaving analysts to suspect the involvement of AI in monitoring weaknesses.

The smartest crypto minds already read our newsletter. Want in? Join them.

Disclaimer: The information provided on this website is for educational and informational purposes only and should not be considered financial or investment advice.

Comments (0)

Click the $ button, enter the symbol, and select to link a stock, ETF, or other ticker.

0/500
Commenting Guidelines
Loading...

Recommended Articles

tradingkey.logo
* References, analysis, and trading strategies are provided by the third-party provider, Trading Central, and the point of view is based on the independent assessment and judgement of the analyst, without considering the investment objectives and financial situation of the investors.
Risk Warning: Our Website and Mobile App provides only general information on certain investment products. Finsights does not provide, and the provision of such information must not be construed as Finsights providing, financial advice or recommendation for any investment product.
Investment products are subject to significant investment risks, including the possible loss of the principal amount invested and may not be suitable for everyone. Past performance of investment products is not indicative of their future performance.
Finsights may allow third party advertisers or affiliates to place or deliver advertisements on our Website or Mobile App or any part thereof and may be compensated by them based on your interaction with the advertisements.
© Copyright: FINSIGHTS MEDIA PTE. LTD. All Rights Reserved.