CoW Swap Hack: $1.2M Lost via DNS Domain Hijack

CoW Swap suffered a reported ~$1.2M loss after attackers hijacked the project’s domain via social engineering and redirected users to a look-alike phishing site. CoW Protocol contracts were not compromised, but the DNS/domain-control attack targeted the access layer by stealing wallet approvals and transaction signatures. CoW said the attackers impersonated legitimate personnel to deceive the domain registrar, then changed DNS records to point to the fraudulent website. In response, CoW regained domain control, migrated to a more secure registrar, and applied a registry lock. CoW DAO urged users to revoke approvals granted after 14:54 UTC, especially those tied to the original GPv2VaultRelayer contract. Earlier reporting estimated losses around ~$500k (figures vary and are unconfirmed), with at least one victim reportedly losing $50k+. Aave also disabled CoW Swap endpoints for integrators as a precaution, while confirming Aave’s interface and protocol were unaffected. For traders, the key takeaway is that CoW Swap’s smart-contract health appears intact, but malicious approvals can still directly cause loss. Expect short-term sentiment risk for web-based DeFi aggregators; mitigation centers on verifying URLs before connecting or signing and promptly revoking suspicious allowances.
Neutral
The incident is an access-layer compromise of CoW Swap’s domain/DNS and front-end rather than a settlement smart-contract exploit. That limits long-term protocol damage, keeping the broader DeFi infrastructure risk contained. However, it can still trigger short-term trading caution: users may revoke approvals, integrators may pause routes, and liquidity/usage sentiment for CoW Swap and DEX aggregators can dip. Since Aave confirmed its protocol was unaffected and CoW’s on-chain components were reportedly intact, the overall price impact on the relevant assets is likely limited and temporary—hence a neutral read.