CoW Swap опубликовала отчет о расследовании инцидента: захват домена cow.fi связан с атакой на цепочку поставок регистрации, предварительная оценка потерь пользователей составляет около 1,2 миллиона долларов США

Deep Tide TechFlow news, April 17, according to official reports, the CoW Swap attack incident review report states that its domain cow.fi was subjected to a supply chain attack on April 14, 2026. The attacker infiltrated the .fi domain registration process through social engineering and hijacked DNS resolution, causing users to be directed to phishing sites when accessing swap.cow.fi within hours. During the affected period, the attacker deployed a fake trading interface and attempted to lure users into connecting their wallets and signing malicious transactions.

The report shows that this incident did not affect the on-chain contracts, backend systems, or user funds of CoW Protocol; core infrastructure and services such as AWS / Vercel were not compromised. The attack occurred during domain registration and transfer stages, where the attacker gained control by forging identity documents and exploiting registration process vulnerabilities, then briefly modified the domain to point elsewhere. The team confirmed the anomaly within 19 minutes and initiated emergency response, subsequently migrating to cow.finance and restoring the domain in about 26 hours.

The CoW team stated that affected users mainly consisted of those who visited the official website during the domain hijacking period, with an initial estimated loss of approximately 1.2 million USD. Currently, cow.fi has been re-enabled with added security measures such as RegistryLock, and the team has initiated external security audits, legal accountability, and potential user compensation plans. The official emphasized that the vulnerability has been fixed and plans to enhance domain infrastructure security through governance and industry collaboration.