CoW Swap publie un rapport de récapitulation sur l'incident d'attaque : le domaine cow.fi a été détourné dans le cadre d'une attaque de la chaîne d'approvisionnement de l'enregistrement, une estimation préliminaire des pertes des utilisateurs s'élève à environ 1,2 million de dollars.

Deep Tide TechFlow News, April 17th, according to official reports, the CoW Swap attack incident review report states that its domain cow.fi was targeted by a supply chain attack on April 14, 2026. The attacker infiltrated the .fi domain registration process through social engineering and hijacked DNS resolution, causing users to be redirected to phishing sites when accessing swap.cow.fi within a few hours. During the affected period, the attacker deployed a fake transaction interface and attempted to lure users into connecting their wallets and signing malicious transactions.

The report shows that this incident did not affect the on-chain contracts, backend systems, or user funds of CoW Protocol; core infrastructure and services such as AWS / Vercel were not compromised. The attack occurred during the domain registration and transfer phase, where the attacker gained control by forging identity documents and exploiting registration process vulnerabilities, then briefly modified the domain to point elsewhere. The team confirmed the anomaly within 19 minutes and initiated emergency response, then migrated to cow.finance and completed domain recovery in about 26 hours.

The CoW team stated that affected users mainly consisted of those who accessed the official website during the domain hijacking period, with an initial estimated loss of approximately 1.2 million USD. Currently, cow.fi has been re-enabled with added security measures such as RegistryLock, and the team has initiated external security audits, legal accountability, and potential user compensation plans. The official emphasized that the vulnerability has been fixed and plans to enhance domain infrastructure security through governance and industry collaboration.