The decentralized exchange CoW Swap has reported a major security incident after a sophisticated phishing attack led to losses of around $1.2 million. The event serves as a reminder that even established platforms are not immune to crypto hacks.
The attack, which took place on April 14, did not target the platform’s core protocol. Instead, it exploited a weakness in its domain management system. This redirected its users to a malicious website designed to mimic the official interface.
CoW Swap Domain Breach Led to $1.2M in Losses
According to the latest reports, DEX platform CoW Swap has lost around $1.2 million in a recent phishing attack. The incident happened on April 14 and quickly caught attention, even though the platform’s main system was not affected.
The team recently noted that the attackers used social engineering to take control of the platform’s domain for a short time. This allowed them to redirect users to a fake website that looked almost identical to the real one. Thus, the users believed that it was the real CoW Swap platform. It was difficult for them to identify anything suspicious or unusual.
Users who accessed this malicious website were asked to link their wallet addresses and approve transactions. Despite the fact that the main protocol remained secure, the attack resulted in considerable losses for the users. The problem has now been solved, and additional security features have been added.
It is worth noting that this incident comes on the heels of the Drift protocol hack, which lost about $220-$270 million in assets.
The DeFi protocol Aave also reacted to the CoW Swap domain hack. The company stated that the hack had not impacted the system or protocol. Aave suspended access to endpoints associated with CoW Swap integration due to security reasons. The team also reassured users that its core systems remain fully secure.
CoW Swap Takes Action after the Hack
After the domain attack, the CoW Swap team acted to limit the damage and regain control. The team detected the issue within minutes and began an emergency response. Thus, they managed the issue within around 19 minutes. To protect users, they temporarily shifted operations to a new domain. They were also working to fix the compromised one.
The attack was reportedly linked to a supply chain issue, where attackers used social engineering to take control of the cow.fi domain and redirect users to a fake website. Despite this, the team confirmed that its core systems, smart contracts, and user funds were never directly hacked.
Within roughly 26 hours, the original domain was fully restored with stronger protections in place, including advanced security locks. The team has since launched external audits, started legal action against the responsible, and is exploring ways to compensate.
Soon, they shared a “post-mortem” report on the CoW Swap attack. They asserted that the system is now fine. The platform noted, “This incident is part of a documented pattern of .fi domain hijacks targeting crypto projects.”
The post read, “Current Status: swap.cow.fi is fully operational and safe to use. The domain has been recovered, restored to our AWS account with a registry lock, and all services are running normally. You can use CoW Swap with confidence.”