- Cow DAO paused all protocol companies after attackers hijacked the DNS data for swap.cow.fi at 14:54 UTC on April 14, redirecting customers to a wallet-draining frontend.
- At the least US$1 million (AU$1.45 million) in funds was stolen inside three hours, together with 219 ETH intercepted from a single dealer’s pockets.
- Good contracts and on-chain infrastructure weren’t compromised, however the protocol remained offline as Cow DAO investigated and urged customers to revoke approvals through revoke.money.
CoW Swap paused its protocol on April 14 after attackers hijacked the DNS data of its frontend, redirecting customers to a malicious web site that drained at the least US$1 million (AU$1.45 million) in crypto property.
The exploit was detected at 14:54 UTC, with Cow DAO issuing a public warning at 15:41 UTC and confirming the DNS compromise at 16:24 UTC. The group halted the protocol shortly after, though backend techniques and sensible contracts weren’t instantly affected.
UPDATE: CoW Swap skilled a DNS hijacking at 14:54 UTC (roughly 90 minutes in the past).
The CoW Protocol backend and APIs weren’t impacted, however we’ve got paused them quickly as a precaution.
We are actually actively working to resolve the scenario. Please proceed to…
— CoW DAO (@CoWSwap) April 14, 2026
The assault focused the area swap.cow.fi on the registrar degree, redirecting site visitors to a cloned interface designed to trick customers into connecting wallets and approving transactions. CoW Swap operates as a non-custodial protocol, which means funds remained in consumer wallets and no contract-level breach occurred.
On-chain information exhibits at the least US$1 million (AU$1.45 million) was extracted inside three hours. One flagged handle alone obtained 219 ETH from a single pockets. The full influence stays unsure, nonetheless.
Learn extra: Quantum Threat to Crypto? XRP Ledger Shows Surprising Resilience
Losses and Consumer Response
Cow DAO instructed affected customers at 16:33 UTC to revoke all token approvals utilizing revoke.money.
Safety agency Blockaid flagged the malicious domains, together with swap.cow.fi and cow.fi, in the course of the incident. The group continued monitoring exercise till round 18:15 UTC and requested transaction hashes from probably impacted customers.
Related exploits have affected platforms equivalent to Curve Finance and Balancer.
CoW Swap, a part of the Gnosis ecosystem, processes trades utilizing batch auctions and “Coincidence of Needs” matching, a system that pairs customers instantly to scale back reliance on exterior liquidity and restrict MEV (most extractable worth).
The protocol remained offline on the time of reporting, with no confirmed timeline for restoration or post-incident evaluation launched.
Learn extra: Aave DAO Approves $25M Grant Despite Internal Pushback
The publish CoW Swap Hit by DNS Attack, Users Urged to Stay Away Amid Ongoing Exploit appeared first on Crypto News Australia.