Overview
- Blockaid, which flagged cow.fi as malicious Tuesday, said users should avoid the dApp as CoW Swap confirmed a DNS hijack that began at 14:54 UTC and paused services.
- CoW Swap said its backend and APIs were not breached and were halted only as a precaution during the investigation.
- Users were told to revoke any token approvals made after 14:54 UTC using tools like revoke.cash, which stops future transfers but cannot recover funds already moved.
- Community reports point to losses, with a researcher estimating roughly $500,000 drained, and the team said it is verifying reports and expects a fuller assessment in the coming days.
- The incident fits a rise in DeFi DNS and front-end hijacks that redirect visitors to lookalike sites to solicit harmful signatures, as seen in recent cases involving OpenEden, Curvance, Maple Finance, and Curve.