BlockBeats News, April 17th. According to official sources, the CoW Swap incident review report stated that its domain cow.fi suffered a supply chain attack on April 14, 2026. The attacker intruded into the .fi domain registration process through social engineering and hijacked the DNS resolution, redirecting users to a phishing website when they accessed swap.cow.fi for several hours. During the affected period, the attacker deployed a fake transaction interface and attempted to deceive users into connecting their wallets and signing malicious transactions.

The report indicated that this incident did not impact the CoW Protocol's on-chain contracts, backend systems, or user fund security. Core infrastructure such as AWS/Vercel services was not compromised. The attack occurred during the domain registration and transfer process. The attacker gained control through forged identity documents and registration process vulnerabilities, briefly changing the domain's pointing. The team identified the anomaly and initiated emergency response within 19 minutes, subsequently migrating to cow.finance and completing domain recovery in about 26 hours.

The CoW team mentioned that the affected users were primarily those who visited the website during the domain hijack period, with an initial estimated loss of approximately $1.2 million. cow.fi has now been reactivated with additional security measures like RegistryLock. The team has also commenced external security audits, legal actions, and potential user compensation plans. The official statement emphasized that the vulnerability has been patched, and they plan to enhance domain infrastructure security through governance and industry collaboration.