CoW DAO is reimbursing users affected by an April 14 DNS hijacking attack, even though the protocol itself was never compromised.
What happened:
- Attackers used social engineering to gain control of the cow.fi domain from the registrar for ~4.5 hours
- A phishing site mimicked CoW Swap, tricking users into approving malicious transactions
- Attack occurred in two phases: wallet drainer, then fake modals harvesting seed phrases
- CoW Protocol's backend and APIs remained secure throughout
Response:
- Domain control was recovered and a full post-mortem was published
- The DAO proposed a discretionary grants program to make victims whole
- All security tokens rotated, deployments audited, activity logs reviewed
- Temporary instance launched at swap.cow.finance during recovery
The decision reflects CoW DAO's stance that user protection matters regardless of where the vulnerability occurred. The compensation requires governance approval due to the amounts involved.
🚨🚨 We are currently experiencing an issue with the CoW Swap frontend (swap.cow.fi). While we are investigating, please DO NOT use CoW Swap.
Our protocol wasn't hacked. But our users were hurt. That's enough for us. CoW DAO is making affected users whole after the April 14 DNS hijack. Here's how. 🧵
2/ On April 14, a social engineering attack on our domain registrar gave hackers control of our domain for ~4.5 hours. During that window, a phishing site tricked users into approving malicious transactions. CoW Protocol was never compromised. But that doesn't make it hurt less.
We’ll continue monitoring as Vercel’s investigation progresses. We have no indication CoW Swap was among the impacted customers. However, we still completed all recommended remediation steps: ✅ Rotated all tokens ✅ Audited deployments -> no malicious code ✅ Reviewed activity
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…
Sometime after 13:00 UTC yesterday, an attacker gained enough control over cow.fi to create a new SSL certificate and serve malicious content to CoW Swap's primary domain. They were able to do this by convincing our DNS registrar that they were a CoW Swap team
Update: CoW Swap has received communication from Vercel stating, “At this time, we do not have reason to believe your Vercel credentials or personal data have been compromised.”
User protection is a core promise of CoW Swap. We are therefore proposing a discretionary grants program so that victims of the April 14 DNS hijacking incident can be made whole as quickly as possible. Proposal details can be found on the CoW DAO forum, here:
4/ We also had a domain hijack in April. cow.fi was socially engineered away from our registrar. We recovered it, communicated in real time, and published a full post-mortem covering what happened and the steps taken afterward. Accountability matters.
UPDATE: The swap dot cow dot fi domain is currently locked and not accessible. We are working with security experts to assert control over the domain while it is locked, but we *do not* expect it to be live again tonight. For those who rely on CoW Swap daily, we have spun up a
We have a new instance of CoW Swap live now at cow.finance to allow safe usage of the protocol. Please remain cautious and continue to refrain from using swap dot cow dot fi until the team signals it is safe to use.
Once they had control of the domain, the attacker deployed a phishing site designed to look exactly like CoW Swap. The attack escalated in two phases:
- Phase 1: wallet drainer (connected wallets prompted to sign malicious transactions)
- Phase 2: fake wallet modals harvesting
🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to
UPDATE: We now have full control of the cow.fi domain. CoW Swap has been working as normal at cow.finance for some time now, and we are now working to transition it back to its original domain. In the meantime, here is an update on what we know about
CoW Protocol Domain Hijack Claims Deadline Today
**Final day to submit claims for CoW Protocol domain hijack compensation**

Victims of the CoW.Fi domain hijacking incident have until **today, May 14** to submit claims for discretionary grants.

**Required information:**
- Impacted wallet address
- Transaction hashes
- Affected assets
- Your name

Send claims to help@cow.fi with subject line: *Discretionary Grant Claim for CoW.Fi Domain Hijack Incident*

Full eligibility details: [forum.cow.fi](https://forum.cow.fi/t/cip-86-discretionary-grants-program-for-victims-of-the-cow-fi-domain-hijacking/3431/11)

**Action needed:** If you were affected or know someone who was, submit your claim before the deadline expires.
CoW Protocol Compensates Users After Security Incident
CoW Protocol announced it will compensate affected users following a security incident, despite the failure not originating from their platform.

**Key Points:**
- The protocol is taking responsibility by making affected users whole
- Decision reflects their commitment to user trust and relationships
- Security breach occurred outside CoW Protocol's direct control

The move demonstrates the platform's dedication to maintaining community trust, even when technical failures stem from external sources. CoW Protocol continues to prioritize user security and well-being during this challenging period.
CoW DAO Approves Grants Program to Reimburse DNS Hijacking Victims
**CoW DAO has passed CIP-86**, a community governance proposal establishing a discretionary grants program. The program will reimburse users who lost funds during the April 14 DNS hijacking incident on CoW Swap.

**Key details:**
- The proposal passed through community governance vote
- Aims to make victims whole as quickly as possible
- Addresses losses from the domain hijacking attack

The incident involved significant sums, requiring formal governance approval before implementation. The community discussed proposal details on the [CoW DAO forum](https://forum.cow.fi/t/cip-draft-discretionary-grants-program-for-victims-of-the-cow-fi-domain-hijacking/3431).
CoW Protocol Launches Atomic Bundles for Multi-Step DeFi Workflows

CoW Protocol has introduced **Atomic Bundles**, a reusable smart contract template enabling developers to execute complex, multi-step DeFi operations atomically in a single settlement.

**Key capabilities include:**
- Loop-borrow-redeposit strategies
- Repay debt with collateral
- Flashloan-enabled executions
- Atomic open/close flows for perpetuals
- Multi-step payment and treasury operations

All executions maintain CoW Protocol's core features: solver competition, MEV protection, and surplus generation.

**For builders**, Atomic Bundles simplify development across lending (one-click looping, collateral swaps), perpetuals (atomic open/close flows), and payments (multi-step flows with zero mid-execution risk). Previously, developers needed to write custom wrapper contracts from scratch for each use case. Now they can fork the template, add their logic, and plug into CoW Protocol's solver network.

Read more: [Introducing Atomic Bundles](https://cow.fi/learn/intents-can-now-do-more-introducing-atomic-bundles)