CoW Swap has issued an urgent warning for all traders to cease interacting with the protocol immediately after confirming a malicious DNS hijacking attack that compromised its frontend for over 90 minutes. The leading DEX routing protocol, which saw trading activity plummet following the security alert, confirmed the attack began at 14:54 UTC, with bad actors potentially exploiting connected wallets during the breach window. While backend systems and APIs remain unaffected, the entire routing application has been paused as the team investigates, advising users to revoke wallet permissions to prevent asset loss.

How does a DNS attack affect CoW Swap users? 

The CoW Swap official address was compromised at the domain level, affecting anyone who used the site as an entry point. 

Swap.cow dot fi could be redirecting users to a malicious site, which can then be used to extract wallet credentials, permissions, or even seed phrases from users. The site could have been compromised at a deeper level, allowing it to redirect traffic to a malicious web server. 

Users still see the official address, which looks legitimate. The Cow Swap contracts are not affected, and the APIs are still usable in theory, but the protocol team warned against using the app until it is deemed safe. 

For recent interactions, the best action is to revoke all permissions made through the site, using services like Revoke Cash. Traders can use the service to check the list of wallet permissions and disconnect all unknown connections or CoW Protocol permissions. 

Cow Protocol attack reveals another Web3 weakness

Cow Swap has been one of the main hubs for Web3 trading. The router handled around $3.8B in volumes for March and around $1.22B in April to date. Weekly volumes have established a baseline of around $700M. 

The protocol is the most active router for the best DEX pricing, used widely on EVM-compatible chains. Cow Protocol is active on Ethereum, Gnosis, Arbitrum, Base, Polygon, Avalanche, and Lens Network. In recent months, CoW Protocol has been more widely used for BNB Chain trading. 

The recent DNS attack follows a series of Web3 attempts, often resulting in significant losses. The case gained additional attention after the recent Drift Protocol hack. Web3 attacks are becoming more common, leaving analysts to suspect the involvement of AI in monitoring weaknesses.

If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.