CoW Swap Temporarily Suspends Access After DNS Hijacking Attack
CoW Swap, a decentralized trading interface, said Tuesday it has temporarily suspended services after identifying a domain name system (DNS) hijacking event affecting its website, highlighting persistent security risks at the frontend layer of DeFi.
In a post on X, the team said the attack occurred at 14:54 UTC and urged users not to interact with the interface until further notice. The protocol's core infrastructure was not directly breached, but the backend and APIs were paused as a precaution while the team works to address the issue.
DNS hijacking can reroute users from a legitimate domain to a malicious lookalike site, often aiming to drain crypto wallets or steal sensitive data. The technique remains a recurring weak point for DeFi, where users typically rely on web interfaces to reach otherwise secure smart contracts.
CoW Swap is a decentralized exchange aggregator that sources liquidity across venues and uses a "Coincidence of Wants" mechanism to match trades directly between users or batch orders for more efficient execution. Orders are processed by competing "solvers" designed to optimize execution, reduce slippage, and limit exposure to maximal extractable value (MEV), the profit that bots capture by reordering transactions at users' expense.
The platform is governed by CoW DAO, a decentralized autonomous organization that originated from the Gnosis ecosystem. CoW Swap has marketed itself as a user-protective DeFi trading option focused on execution quality and fairer outcomes.
"We are now actively working to resolve the situation. Please continue to refrain from using swap dot cow dot fi until we confirm that it is safe to use," the team wrote on X.