CoW Swap Warns Users to Stay Off Platform After DNS Hijacking Attack

TLDR

• CoW Swap’s website was hit by a DNS hijacking attack on Tuesday, redirecting users to a potentially malicious site
• The DAO behind CoW Swap paused its backend and APIs as a precaution
• Core protocol infrastructure and smart contracts were not compromised
• The COW token dropped over 3% following news of the attack
• Web3 projects lost $482 million to hacks and scams in Q1 2026, according to Hacken

CoW Swap, a decentralized exchange aggregator, warned users on Tuesday to stop using its website after an unknown party hijacked its domain.

The attack was detected at 14:54 UTC. The team posted on X asking users to avoid the platform’s website, swap.cow.fi, until it confirmed the site was safe.

The incident was a DNS hijacking, where attackers redirect traffic from a real website to a fake one. This type of attack is used to steal crypto wallet funds or collect private user data.

CoW Swap’s underlying smart contracts were not affected. However, the team chose to pause its backend and APIs as a precaution while it worked to fix the problem.

DNS hijacking is not new to the crypto space. Decentralized exchange Balancer was hit by a domain attack in 2023. Curve Finance has reported multiple DNS hijackings over the years.

CoW Swap works by sourcing liquidity from multiple venues and using a system called “Coincidence of Wants” to match trades between users or group them for more efficient execution.

Trades on the platform are handled by competing solvers that aim to get users the best price. The design is meant to reduce slippage and limit exposure to MEV, which is when bots reorder transactions to profit at the expense of regular users.

The platform is run by CoW DAO, a decentralized autonomous organization that grew out of the Gnosis ecosystem.

COW Token Falls on Security News

The COW token fell more than 3% after the news broke, dropping from $0.2229 to $0.2159.

The token decline came quickly after the DAO’s warning was posted on X, reflecting how security incidents can immediately affect token prices.

A Wider Web3 Security Problem

The attack on CoW Swap comes as Web3 security losses are rising. Blockchain security firm Hacken reported that Web3 projects lost $482 million to hacks and scams in Q1 2026 alone.

Hacken recorded 44 incidents in that period. Most were phishing and social engineering attacks, not smart contract exploits.

DNS hijacking has become a known weak point in DeFi. Users access secure smart contracts through web-based interfaces, and those interfaces can be targeted even when the underlying code is safe.

CoW Swap said it was actively working to resolve the situation. As of the time of reporting, the team had not confirmed the site was safe to use again.

The post CoW Swap Warns Users to Stay Off Platform After DNS Hijacking Attack appeared first on CoinCentral.