CoW Swap has completed security checks following Vercel's infrastructure investigation and confirmed the platform is safe to use.
Actions taken:
- Rotated all authentication tokens
- Audited deployments (no malicious code found)
- Reviewed activity logs (no suspicious access detected)
The team has no indication CoW Swap was among Vercel's impacted customers but implemented all recommended remediation steps as a precaution.
This follows a DNS hijacking incident where an attacker used social engineering to gain control of the cow.fi domain through the DNS registrar. The attack deployed phishing sites that attempted to drain wallets and harvest seed phrases. CoW Protocol's backend and APIs were never compromised during the incident.
🚨🚨 We are currently experiencing an issue with the CoW Swap frontend (swap.cow.fi). While we are investigating, please DO NOT use CoW Swap.
We’ll continue monitoring as Vercel’s investigation progresses. We have no indication CoW Swap was among the impacted customers. However, we still completed all recommended remediation steps: ✅ Rotated all tokens ✅ Audited deployments -> no malicious code ✅ Reviewed activity
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…
Sometime after 13:00 UTC yesterday, an attacker gained enough control over cow.fi to create a new SSL certificate and serve malicious content to CoW Swap's primary domain. They were able to do this by convincing our DNS registrar that they were a CoW Swap team
UPDATE: The swap dot cow dot fi domain is currently locked and not accessible. We are working with security experts to assert control over the domain while it is locked, but we *do not* expect it to be live again tonight. For those who rely on CoW Swap daily, we have spun up a
We have a new instance of CoW Swap live now at cow.finance to allow safe usage of the protocol. Please remain cautious and continue to refrain from using swap dot cow dot fi until the team signals it is safe to use.
Once they had control of the domain, the attacker deployed a phishing site designed to look exactly like CoW Swap. The attack escalated in two phases:
- Phase 1: wallet drainer (connected wallets prompted to sign malicious transactions)
- Phase 2: fake wallet modals harvesting
🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to
UPDATE: We now have full control of the cow.fi domain. CoW Swap has been working as normal at cow.finance for some time now, and we are now working to transition it back to its original domain. In the meantime, here is an update on what we know about
CoW Swap Publishes Domain Hijack Post-Mortem
CoW Swap has released a detailed post-mortem following an April 14 domain hijacking incident. The report includes:

- Root cause analysis of the security breach
- Confirmed impact assessment
- Hardening measures implemented to prevent future incidents

The team coordinated with their domain registrar to compile a comprehensive breakdown of what occurred. The full transparency report is now available, detailing the timeline of events and security improvements. CoW Swap thanked users for their patience during the investigation period.
CoW Protocol Wallet Security Alert: April 14 Compromise Window
**Critical Security Alert for CoW Protocol Users**

If you connected your wallet to cow.fi between approximately 13:00 and 20:00 UTC on April 14, 2026, take immediate action:

- **Treat your wallet as compromised**
- Revoke all token approvals using [revoke.cash](http://revoke.cash) or similar services
- Consider transferring funds to a new wallet
- Never enter your seed phrase anywhere

**Important Notes:**

- The time window has been extended as a precautionary measure
- All users should revoke approvals made after 14:54 UTC on April 14
- Use trusted revocation tools like [revoke.cash](http://revoke.cash) to safely remove permissions

This security incident affects users who interacted with the CoW Protocol platform during the specified timeframe. Taking these steps promptly will help protect your assets from potential unauthorized access.
🚨 CoW Swap Security Alert: Revoke Approvals Immediately
**CoW Swap users need to take immediate action following a security incident.**

**What happened:**

- The CoW Swap website (cow.fi) was compromised between approximately 13:00 and 20:00 UTC on April 14
- Users who connected their wallets during this window may be at risk

**Required actions:**

- Revoke all approvals made on CoW Swap after 14:54 UTC on April 14
- Use tools like [revoke.cash](http://revoke.cash) to easily revoke permissions
- Treat your wallet as potentially compromised if you connected during the affected timeframe
- Consider moving funds to a new wallet
- Never enter your seed phrase anywhere

**Timeline note:** The suggested time window (13:00-20:00 UTC) has been padded as an extra precaution. Take action now to protect your assets.
CoW Swap Launches on Linea L2 and Deepens Aave Integration
**CoW Swap is now live on Linea**, Ethereum's L2 network, bringing gasless trading and advanced order types to the platform.

**Key features on Linea:**

- Gasless swaps by default - no ETH needed for gas
- Limit and TWAP orders
- Swap & Send functionality
- Upcoming Swap & Bridge feature

**How it works:** CoW Protocol's solver network competes to find the best prices across DEXs while protecting users from MEV attacks.

**Expanded Aave integration** also launched, powering more DeFi operations:

- Collateral swaps
- Repay-with-collateral transactions
- Debt swapping

All operations are **gas-optimized and MEV-protected**. The integration uses intent-based transactions - users specify what they want, and solvers find the optimal execution path.

**Benefits include:**

- Solver-routed execution for better prices
- Shared liquidity across $10B+ monthly volume
- Simplified user experience with fewer approvals

Try CoW Swap on Linea: [swap.cow.fi](https://swap.cow.fi/#/59144/swap/WETH/0x176211869cA2b568f2A7D4EE941E073a821EE1ff)

Learn more about the Aave integration: [aave.com/blog/aave-cow-swap](https://aave.com/blog/aave-cow-swap)