CoW Swap hit by DNS hijacking affecting frontend, no fund losses reported but users urged to revoke approvals.
Author: Arushi Garg
High attention and emotional sentiment detected.
15 April, 2026: Attackers carried out a DNS hijacking attack on CoW Swap’s main frontend domain (swap.cow.fi), redirecting users to a malicious site under their control. The team detected the incident on April 14, 2026 at approximately 14:54 UTC, according to its official disclosure. In response, the team paused the interface and urged users to revoke any token approvals they granted through the affected domain.
“We have identified a DNS hijacking attack affecting swap.cow.fi. The protocol remains secure, but users should revoke approvals as a precaution,” a CoW DAO spokesperson said in an official statement. According to the CoW DAO team, the protocol’s non-custodial architecture means core smart contracts, backend infrastructure, and user funds remained unaffected.
High Signal Summary For A Quick Glance
DeFi Potato
@0x_Couch_Potato
@CoWSwap @grok explain why Crypto teams never learn and assume it won't happen to them?
🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to
10:29 AM·Apr 15, 2026
Ageesen
@ageesen
@CoWSwap This is why you should own and operate .cow Own and control your namespace entirely. No 3rd parties to hijack if setup properly.
🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to
03:07 AM·Apr 15, 2026
bidur
@justcryptodefi
@CoWSwap just letting you know that most people who have saved / favorited their links in their app will not be reading tweets before doing transaction. please don't get sloppy
🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to
04:48 PM·Apr 14, 2026
CoW Swap, a decentralized exchange aggregator built on the CoW Protocol, experienced a DNS hijacking attack on April 14, 2026. Attackers redirected traffic from the legitimate frontend (swap.cow.fi) to a malicious domain. The team identified the issue at approximately 14:54 UTC, according to its disclosure, and immediately shut down the interface as a precautionary measure.
The team stated that no core infrastructure including smart contracts or APIs was compromised. This incident follows a pattern seen in prior DeFi attacks, including frontend compromises affecting platforms like Balancer (September 2023) and Curve ecosystem interfaces, where attackers targeted DNS or hosting layers rather than on-chain logic.
Frontend compromise versus protocol-layer security during the CoW Swap DNS hijacking incident
The attack likely originated at the domain registrar level, a known vulnerability vector in DeFi frontend exploits. The team took the interface offline shortly after detection and said that users did not significantly interact with the malicious site before mitigation, though the investigation is still ongoing. According to the CoW DAO’s official statement, the protocol’s non-custodial design ensured that “no user funds were at risk at the smart contract level.”
The team is now:
A related post shared by the team on X (formerly Twitter) confirmed the attack and urged users to revoke approvals immediately.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
