CoW Swap releases attack incident review report: cow.fi domain hijacking was caused by a supply chain attack on the registration link, with an initial estimate of user losses of approximately 1.2 million USD

Deep Tide TechFlow News, April 17th, according to official reports, the CoW Swap attack incident review report states that its domain cow.fi was targeted by a supply chain attack on April 14, 2026. The attacker infiltrated the .fi domain registration process through social engineering and hijacked DNS resolution, causing users to be redirected to phishing websites when accessing swap.cow.fi within a few hours. During the affected period, the attacker deployed fake transaction interfaces and attempted to lure users into connecting their wallets and signing malicious transactions.

The report shows that this incident did not impact CoW Protocol’s on-chain contracts, backend systems, or user funds security. Core infrastructure and services such as AWS and Vercel were not compromised. The attack occurred during the domain registration and transfer phase, where the attacker gained control by forging identity documents and exploiting registration process vulnerabilities, briefly redirecting the domain. The team confirmed the anomaly within 19 minutes and initiated emergency response, then migrated to cow.finance and restored the domain in approximately 26 hours.

The CoW team stated that affected users mainly consisted of those who visited the official website during the domain hijacking period, with an initial estimated loss of about $1.2 million. Currently, cow.fi has been re-enabled with added security measures such as RegistryLock. The team has also initiated external security audits, legal accountability measures, and potential user compensation plans. The official emphasized that the vulnerability has been fixed and plans to improve domain infrastructure security through governance and industry collaboration.