CoW Swap Pauses Protocol After Domain Hijacking Incident

According to CoW DAO, attackers took control of the cow.fi domain by deceiving its DNS registrar, prompting remediation after a phishing site attempted to steal wallet credentials and seed phrases.

Fact Check
The claim is strongly supported by multiple fetched sources. CoinDesk’s article states that CoW Swap detected a DNS hijacking incident affecting its website and that the protocol’s backend and APIs were paused as a precaution. Yahoo Finance independently reports the same core facts: a compromised front end/domain and a temporary protocol pause. Bitcoin.com further corroborates the timing and describes the event as a DNS/domain hijack of swap.cow.fi followed by a pause of APIs/backend. Together, these sources support the statement that CoW Swap halted or paused protocol operations following a domain hijacking incident that could redirect users away from the legitimate service. The only nuance is wording: reports describe the core protocol/smart contracts as not directly compromised, while backend/APIs were paused as a precaution. So the statement is accurate in substance, though "halts protocol" is slightly broader than the more precise phrasing "paused backend/APIs and told users to avoid the site" used in "Popular DeFi platform warns users to stay away from its site after security breach" and "Ethereum DeFi Exchange CoW Swap Pauses Protocol Following Website Compromise".
Summary

CoW DAO said attackers gained control of the cow.fi domain on April 14 by deceiving its DNS registrar, expanding on the earlier reported domain hijacking incident that led CoW Swap to pause its protocol. According to the team, the malicious site used harmful wallet signature prompts and fake wallet pop-ups to try to steal seed phrases and passwords from users. CoW DAO said it has since regained control of the domain and is transitioning back from cow.finance.

Terms & Concepts
  • DNS registrar: A service provider that manages domain name registrations and related settings, making it a critical control point for website access and security.
  • Seed phrases: A sequence of backup words that restores a crypto wallet; if stolen, attackers can gain full access to the wallet’s assets.
  • Wallet signatures: Cryptographic approvals generated by a wallet to authorize actions; malicious signature requests can trick users into granting harmful permissions.