CoW Protocol Wallet Security Alert: April 14 Compromise Window

CoW Swap has announced it will publish a comprehensive post-mortem report in the coming days, pending receipt of information from its registrar. **What's Coming:** - Root cause analysis of the incident - Confirmed impact assessment - Complete list of hardening measures implemented The team is waiting on the registrar's post-mortem before releasing their full report. No timeline has been specified beyond "the next few days." This follows a pattern of transparency in the DeFi space, similar to Loopring's detailed incident report from 2024.

**CoW Swap suffered a DNS hijacking attack** after an attacker convinced their domain registrar they were a team member using false documents. **Attack Timeline:** - Started after 13:00 UTC on April 14 - Attacker gained control of cow.fi domain and created new SSL certificate - Deployed phishing site mimicking CoW Swap interface **Two-Phase Attack:** - **Phase 1:** Wallet drainer prompting users to sign malicious transactions - **Phase 2:** Fake wallet modals stealing seed phrases and passwords **Current Status:** - CoW Swap regained full control of cow.fi domain - Service temporarily moved to [swap.cow.finance](http://swap.cow.finance) - Backend and APIs paused as precaution - Team working to transition back to original domain *The attack targeted the DNS registrar through social engineering, not CoW's infrastructure or any data leak.*

**CoW Swap users need to take immediate action following a security incident.** **What happened:** - The CoW Swap website (http://cow.fi) was compromised between approximately 13:00 and 20:00 UTC on April 14 - Users who connected their wallets during this window may be at risk **Required actions:** - Revoke all approvals made on CoW Swap after 14:54 UTC on April 14 - Use tools like [revoke.cash](http://revoke.cash) to easily revoke permissions - If you connected during the affected timeframe, treat your wallet as compromised - Consider moving funds to a new wallet - Never enter your seed phrase anywhere **Timeline note:** The suggested time window (13:00-20:00 UTC) has been padded as an extra precaution. Take these steps now to protect your assets.

**CoW Swap is now live on Linea**, Ethereum's L2 network, bringing gasless trading and advanced order types to the platform. **Key features on Linea:** - Gasless swaps by default - no ETH needed for gas - Limit and TWAP orders - Swap & Send functionality - Upcoming Swap & Bridge feature **How it works:** CoW Protocol's solver network competes to find the best prices across DEXs while protecting users from MEV attacks. **Expanded Aave integration** also launched, powering more DeFi operations: - Collateral swaps - Repay-with-collateral transactions - Debt swapping All operations are **gas-optimized and MEV-protected**. The integration uses intent-based transactions - users specify what they want, and solvers find the optimal execution path. **Benefits include:** - Solver-routed execution for better prices - Shared liquidity across $10B+ monthly volume - Simplified user experience with fewer approvals Try CoW Swap on Linea: [swap.cow.fi](https://swap.cow.fi/#/59144/swap/WETH/0x176211869cA2b568f2A7D4EE941E073a821EE1ff) Learn more about the Aave integration: [aave.com/blog/aave-cow-swap](https://aave.com/blog/aave-cow-swap)