CoW Swap Awaits Registrar Post-Mortem Before Publishing Full Incident Report

**CoW Swap suffered a DNS hijacking attack** after an attacker convinced their domain registrar they were a team member using false documents. **Attack Timeline:** - Started after 13:00 UTC on April 14 - Attacker gained control of cow.fi domain and created new SSL certificate - Deployed phishing site mimicking CoW Swap interface **Two-Phase Attack:** - **Phase 1:** Wallet drainer prompting users to sign malicious transactions - **Phase 2:** Fake wallet modals stealing seed phrases and passwords **Current Status:** - CoW Swap regained full control of cow.fi domain - Service temporarily moved to [swap.cow.finance](http://swap.cow.finance) - Backend and APIs paused as precaution - Team working to transition back to original domain *The attack targeted the DNS registrar through social engineering, not CoW's infrastructure or any data leak.*

**Critical Security Alert for CoW Protocol Users** If you connected your wallet to cow.fi between approximately 13:00 and 20:00 UTC on April 14, 2026, take immediate action: - **Treat your wallet as compromised** - Revoke all token approvals using [revoke.cash](http://revoke.cash) or similar services - Consider transferring funds to a new wallet - **Never enter your seed phrase anywhere** **Important Notes:** - The time window has been extended as a precautionary measure - All users should revoke approvals made on CoW Swap after 14:54 UTC on April 14 - Use tools like [revoke.cash](http://revoke.cash) to simplify the revocation process **What to Do Now:** 1. Check if you used cow.fi during the affected timeframe 2. Immediately revoke all approvals if you did 3. Monitor your wallet for suspicious activity 4. Move assets to a fresh wallet if necessary This is a time-sensitive security matter requiring immediate attention from affected users.

**CoW Swap users need to take immediate action following a security incident.** **What happened:** - The CoW Swap website (http://cow.fi) was compromised between approximately 13:00 and 20:00 UTC on April 14 - Users who connected their wallets during this window may be at risk **Required actions:** - Revoke all approvals made on CoW Swap after 14:54 UTC on April 14 - Use tools like [revoke.cash](http://revoke.cash) to easily revoke permissions - If you connected during the affected timeframe, treat your wallet as compromised - Consider moving funds to a new wallet - Never enter your seed phrase anywhere **Timeline note:** The suggested time window (13:00-20:00 UTC) has been padded as an extra precaution. Take these steps now to protect your assets.

**CoW Swap is now live on Linea**, Ethereum's L2 network, bringing gasless trading and advanced order types to the platform. **Key features on Linea:** - Gasless swaps by default - no ETH needed for gas - Limit and TWAP orders - Swap & Send functionality - Upcoming Swap & Bridge feature **How it works:** CoW Protocol's solver network competes to find the best prices across DEXs while protecting users from MEV attacks. **Expanded Aave integration** also launched, powering more DeFi operations: - Collateral swaps - Repay-with-collateral transactions - Debt swapping All operations are **gas-optimized and MEV-protected**. The integration uses intent-based transactions - users specify what they want, and solvers find the optimal execution path. **Benefits include:** - Solver-routed execution for better prices - Shared liquidity across $10B+ monthly volume - Simplified user experience with fewer approvals Try CoW Swap on Linea: [swap.cow.fi](https://swap.cow.fi/#/59144/swap/WETH/0x176211869cA2b568f2A7D4EE941E073a821EE1ff) Learn more about the Aave integration: [aave.com/blog/aave-cow-swap](https://aave.com/blog/aave-cow-swap)