CoW DAO approves cow.fi hijack victim compensation via discretionary grants

CoW DAO has approved a governance-backed discretionary grants programme (CIP-86) for victims of the April cow.fi domain hijack. Eligible claimants can receive up to 100% of verified losses, with claims due by May 14 and payout targeted by May 31.

The cow.fi incident was an off-chain supply-chain attack: attackers used social engineering against registrar Gandi SAS to take control of cow.fi DNS for about 4.5 hours. Users were redirected to a phishing UI that mimicked CoW Swap and tricked them into signing malicious approvals with their wallets. The project estimates losses of around $1.2m, mainly in USDC and other tokens. CoW DAO says the CoW Protocol smart contracts and backend were not breached and that the compromise was “entirely at the domain registrar layer.”

The grants are framed as voluntary “goodwill” funded from the Legal Defense Reserve, not an admission of legal liability, while the DAO retains discretion to pursue third-party action.

For traders, the cow.fi update reduces immediate uncertainty about CoW Swap smart-contract risk, but it reinforces that registrar/DNS phishing can still cause wallet-level damage. Expect short-term FUD relief, yet continued focus on verifying front-ends and transaction approvals.
Neutral
The incident did not compromise CoW Protocol smart contracts, so direct protocol safety risk for CoW Swap appears limited. By approving cow.fi victim compensation from the Legal Defense Reserve, CoW DAO reduces reputational uncertainty and may ease short-term FUD, which is mildly supportive for confidence. However, the attack vector is a real and recurring threat in DeFi: domain/DNS social engineering that leads to malicious approvals at the wallet level. That keeps trader caution high, and any market-wide sentiment impact is unlikely to translate into a sustained bullish move for any specific coin. Hence, the net expectation for the relevant asset is neutral.