CoW Swap said that it paused protocol activity after attackers hijacked the DNS records for its main frontend at swap.cow.fi. The team warned users to stop interacting with the site and later confirmed the issue began at 14:54 UTC.
Users should revoke all approvals made on CoW Swap after 14:54 UTC today. Tools like https://t.co/CGNBLppgWS make this easy to do. https://t.co/JNEUaTcuVd
— CoW DAO (@CoWSwap) April 14, 2026
The incident affected the frontend domain rather than the protocolās smart contracts. CoW said its backend and APIs were paused as a precaution, even though they were not directly impacted, and urged anyone who interacted with swap.cow.fi after 14:54 UTC to revoke approvals immediately using revoke.cash.
What makes the episode serious is the type of weakness it exposed. This was not a contract exploit inside the protocol itself, but an attack on the interface users rely on to reach it. That distinction matters because even when core infrastructure remains intact, a compromised frontend can still turn routine wallet interactions into a direct security risk for users who sign the wrong transaction.
Source: CoW Swap on X.
Disclaimer: Crypto Economy Flash News are based on verified public and official sources. Their purpose is to provide fast, factual updates about relevant events in the crypto and blockchain ecosystem.
This information does not constitute financial advice or investment recommendation. Readers are encouraged to verify all details through official project channels before making any related decisions.
