CoW Swap Halts Services After DNS Hijacking Incident
Decentralized exchange aggregator CoW Swap temporarily suspended operations on Tuesday after detecting a DNS hijacking attack targeting its website. The incident, identified at 14:54 UTC, prompted the team to warn users against interacting with the platform until further notice.
While the protocol’s backend infrastructure and APIs remained uncompromised, both were paused as a precautionary measure. DNS hijacking, in which attackers redirect users to malicious sites to steal funds or data, has become a recurring threat in decentralized finance (DeFi), particularly for web-based interfaces that interact with secure smart contracts.
CoW Swap, governed by the CoW DAO (a decentralized autonomous organization from the Gnosis ecosystem), operates as a DEX aggregator, sourcing liquidity across platforms and using a "Coincidence of Wants" mechanism to match trades directly or batch them for efficiency. The protocol also mitigates maximal extractable value (MEV), a practice where bots manipulate transaction ordering for profit, ensuring fairer execution for users.
The team confirmed they were working to resolve the issue and advised users to avoid the platform until security was restored. No further details on the attack’s scope or impact have been disclosed.
CoW DAO cybersecurity rating report: https://www.rankiteo.com/company/cow-protocol
{
  "id": "COW1776258259",
  "linkid": "cow-protocol",
  "type": "Cyber Attack",
  "date": "4/2026",
  "severity": "60",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Decentralized Finance (DeFi)',
                        'name': 'CoW Swap',
                        'type': 'Decentralized Exchange (DEX) Aggregator'}],
 'attack_vector': 'DNS Hijacking',
 'customer_advisories': 'Public warning issued to avoid the platform during '
                        'the incident',
 'date_detected': '2023-11-07T14:54:00Z',
 'date_publicly_disclosed': '2023-11-07T14:54:00Z',
 'description': 'Decentralized exchange aggregator CoW Swap temporarily '
                'suspended operations after detecting a DNS hijacking attack '
                'targeting its website. The incident prompted the team to warn '
                'users against interacting with the platform until further '
                'notice. The protocol’s backend infrastructure and APIs '
                'remained uncompromised but were paused as a precautionary '
                'measure.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'security incident',
            'downtime': 'Temporary suspension of services',
            'identity_theft_risk': 'Potential risk if users interacted with '
                                   'malicious site',
            'operational_impact': 'Service disruption, halted trading '
                                  'operations',
            'payment_information_risk': 'Potential risk if users interacted '
                                        'with malicious site',
            'systems_affected': 'Website (frontend), APIs (paused as '
                                'precaution)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (potential fund/data theft)',
 'references': [{'date_accessed': '2023-11-07',
                 'source': 'CoW Swap Public Advisory'}],
 'response': {'communication_strategy': 'Public advisory to users via social '
                                        'media/platform',
              'containment_measures': 'Paused backend infrastructure and APIs, '
                                      'warned users to avoid the platform',
              'incident_response_plan_activated': 'Yes'},
 'stakeholder_advisories': 'Users advised to avoid interacting with the '
                           'platform until security is restored',
 'title': 'CoW Swap DNS Hijacking Incident',
 'type': 'DNS Hijacking',
 'vulnerability_exploited': 'DNS misconfiguration'}