Back
Blockaid Says CowSwap Front End Was Attacked, Warns Users to Revoke Approvals

Blockaid Says CowSwap Front End Was Attacked, Warns Users to Revoke Approvals

CoW Swap says its frontend access has been restored at swap.cow.finance, while tech lead Felix Leupold advises users to approve only the original GPv2VaultRelayer contract address after the attack warning.

Fact Check
The validated PANews report supports the core incident claim that Blockaid said the CowSwap front end was attacked and warned users to revoke approvals, while also stating CoWSwap told users not to use the platform temporarily. PANews specifically references CoWSwap’s X post at https://x.com/CoWSwap/status/2044078590514327888. Separately, tracing the Odaily link produced an Aave source URL, https://x.com/aave/status/2044085316642804193, which suggests Aave did issue a statement connected to the incident. However, because the Aave and CoWSwap X posts could not be fetched and corroboration searches did not return usable results, I could not directly verify the narrower details that Aave said its interface and protocol were unaffected, that CowSwap disabled integrator swap endpoints, and that Aave rerouted trades through ParaSwap where available.
    Reference12
Summary

CoW Swap restored its frontend and said users can again access the platform through swap.cow.finance after a front-end attack that prompted warnings not to trade. Tech lead Felix Leupold said users should approve only the original GPv2VaultRelayer contract address. The update follows Blockaid flagging the interface as malicious and earlier precautionary measures including warnings to avoid the dApp, revoke approvals, and the temporary disabling of swap endpoints for integrators.

Terms & Concepts
  • dApp: A decentralized application that runs on blockchain infrastructure, often using a web interface to let users interact with smart contracts.
  • DeFi: Short for decentralized finance, a category of blockchain-based financial applications that operate through smart contracts rather than traditional intermediaries.
  • GPv2VaultRelayer: A CoW Swap-related contract address used in the swap flow; users were told to approve only the original contract after the frontend attack.