CoWSwap Flagged Malicious: Frontend/DNS Hijack Warning
CoWSwap users face a security warning after Blockaid flagged the CoWSwap site as malicious. The issue is linked to a frontend attack/DNS hijack affecting the domains cow.fi and swap.cow.fi. CoWSwap confirmed the frontend was breached, while the core protocol/smart contracts were not compromised.
Blockaid advised users to stop interacting with the dApp immediately. Traders are especially exposed if they connected wallets after 14:54 UTC, because the attack aims to trick users into signing malicious transactions.
Recommended mitigations include revoking wallet approvals using tools such as Revoke.cash and avoiding all CoWSwap-related domains until an official “all-clear” is issued. The CoWSwap team also halted the protocol to reduce risk while the investigation continues.
Market relevance: this is a DeFi UI compromise rather than an on-chain protocol exploit, but it can still trigger short-term sentiment damage, temporary liquidity pullbacks, and heightened caution around wallet permissions. As CoWSwap publishes updates, traders may react either to a confirmation of safety or to any further findings.
Bearish
A CoWSwap frontend/DNS hijack warning is a negative risk signal for DeFi users, even without an on-chain smart-contract breach. In similar incidents (UI spoofing, phishing via malicious dApp frontends, and DNS redirections), the immediate market effect is usually short-term: traders often reduce exposure to the affected protocol and sector-wide DeFi risk, while monitoring for further confirmations.
Short-term, this can pressure sentiment and liquidity because users may revoke approvals, pause interactions, and wait for an “all-clear.” It may also increase volatility in related DeFi narratives as capital temporarily rotates to safer venues.
Long-term, the impact depends on whether the issue remains limited to the frontend and how quickly the team restores trust. If CoWSwap provides timely updates and no further malicious domains are found, the downside can fade. However, the broader lesson (frontend vulnerabilities and permission risk) often keeps traders more cautious for weeks, supporting a risk-off posture across DeFi.