The Ethereum Foundation uses it too! The CoW Swap frontend was hacked, and DeFi leaders advise revoking approvals

CoW Swap, a core piece of Ethereum DeFi infrastructure, reportedly suffered a security incident on April 14. According to the official statement, its front-end website was subjected to DNS hijacking (domain hijacking), which could expose users to phishing, and the team urgently called on users to pause using the platform.

On X, the team said: “Right now, there is an issue with the CoW Swap front end. Until the investigation is completed, do not use it.” A senior DeFi veteran also advised that all users who carried out any actions after 14:54 UTC on the same day should immediately revoke their approvals.

Front end hijacked: The protocol isn’t broken, but the risk is still high

This incident is a typical “front-end attack.” In other words, attackers take control of the website entry point to lead users into interacting with malicious contracts, rather than directly compromising the protocol itself. CoW DAO later explained that its back-end protocols and API are still safe, but out of caution it has temporarily stopped the service. It has not yet confirmed whether any users’ assets have been affected, and attacks like this are often difficult to detect in time. The main risk is that users are phished into granting permissions over their assets.

What is CoW Swap: collect transactions first, then price them against each other

CoW Swap is a decentralized trading protocol based on intents, and it is also a DEX aggregator. Unlike traditional decentralized exchanges, it does not put users’ trades on-chain immediately. Instead, it collects orders over a period of time and performs “batch auctions.”

In simple terms, you can think of it like this: “First, collect everyone’s buy/sell orders, and then use competitive bidding to find the best execution path.” Its core mechanisms include solver competition to execute orders, cross-DEX price discovery, and the “Coincidence of Wants” matching logic: if two users’ trade directions happen to complement each other, they can in some cases be matched directly, which reduces slippage and improves price efficiency.

Why it went viral in DeFi: a representative anti-MEV design

CoW Swap became popular in the DeFi space largely due to its design aimed at countering MEV (maximum extractable value). Traditional DEX trades are exposed in the public mempool, making them susceptible to front-running or sandwich attacks. CoW, by contrast, uses batch auctions and private order collection to greatly reduce the chances that arbitrage bots intercept transactions.

Backed by the Ethereum Foundation: entering an institutional-grade trading environment

In April 2026, the Ethereum Foundation announced that, through CoW DAO’s TWAP (time-weighted average price) mechanism, it would convert 5,000 ETH to stablecoins in batches to fund development and operating expenses.

According to DeFiLlama data, CoW Swap’s trading volume over the past 30 days was around $3.5 billion, with cumulative fee revenue of about $50 million.

Even though this incident is currently limited to the front end, what the market is focused on is its potential ripple effects. Since CoW Swap is widely integrated into multiple DeFi protocols, risks could impact the applications that rely on its execution layer. At the same time, any protocols that use intent-based designs, solver auctions, or batch execution mechanisms may also be scrutinized for their security design. However, it’s important to emphasize that events like this usually fall under “entry-layer risk” and do not necessarily mean systemic vulnerabilities across the entire Ethereum or DEX ecosystem.

DeFi veterans warn: if you have nothing you need to do on-chain, revoke everything

As the incident continues to develop, a senior DeFi player suggested: if you don’t currently have any on-chain actions you need to perform, you should fully revoke all approvals. The reason is that in many asset-theft cases, the assets are not stolen because contracts were broken into; rather, users have unknowingly granted malicious contracts permission to move their assets. When the front end is hijacked, even if the protocol itself is safe, any approval you ever granted through that entry point may leave risk behind.
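The revocation advice above can be checked against a wallet's ERC-20 `Approval` event logs. The following is an added example, not code from the article or from CoW DAO: it replays the logs in chain order and lists the allowances that are still non-zero and were last set at or after the 14:54 UTC cutoff. Assumptions: the year 2026 for the cutoff, a `timestamp` field joined onto each log from its block header, and constructed placeholder addresses and logs.

```python
from datetime import datetime, timezone

# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# 14:54 UTC on April 14 comes from the article; the year 2026 is an assumption.
CUTOFF = int(datetime(2026, 4, 14, 14, 54, tzinfo=timezone.utc).timestamp())
MAX_UINT256 = 2**256 - 1  # the usual "unlimited" allowance

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def approvals_to_revoke(logs, owner, cutoff=CUTOFF):
    """Return sorted (token, spender, amount) for allowances last set to a non-zero
    amount at or after `cutoff`; confirm each with the token's allowance() view."""
    latest = {}
    # Replay in chain order so a later approve() or revoke overwrites an earlier one.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = (int(log["data"], 16), log["timestamp"])
    return sorted((tok, sp, amt) for (tok, sp), (amt, ts) in latest.items()
                  if amt > 0 and ts >= cutoff)

# --- constructed sample data (all addresses are placeholders) ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "ee" * 20
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_OLD, SPENDER_NEW = "0x" + "bb" * 20, "0x" + "cc" * 20

def make_log(block, index, ts, token, owner, spender, amount):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"blockNumber": block, "logIndex": index, "timestamp": ts, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}
SAMPLE_LOGS = [
    make_log(100, 0, CUTOFF - 3600, TOKEN_1, OWNER, SPENDER_OLD, MAX_UINT256),
    make_log(200, 3, CUTOFF + 60, TOKEN_1, OWNER, SPENDER_NEW, MAX_UINT256),
    make_log(201, 1, CUTOFF + 120, TOKEN_2, OWNER, SPENDER_NEW, 500),
    make_log(202, 0, CUTOFF + 180, TOKEN_2, OWNER, SPENDER_NEW, 0),  # already revoked
    make_log(203, 0, CUTOFF + 240, TOKEN_1, OTHER, SPENDER_NEW, MAX_UINT256),
]

if __name__ == "__main__":
    print(approvals_to_revoke(SAMPLE_LOGS, OWNER))
```

Passing `cutoff=0` lists every outstanding allowance, which matches the broader "revoke everything" advice.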

This article, “Even the Ethereum Foundation uses it! CoW Swap front end gets hacked; DeFi veterans recommend revoking approvals,” first appeared on Chain News ABMedia.
