CoW Swap's Domain Gets CoW-napped: Front-End Breach Drains User Funds

Picture this: you're trying to swap some tokens, minding your own business, when suddenly your frontend decides to take a scenic route straight to钱包 emoji town. CoW Swap, the Ethereum-based decentralized exchange aggregator, warned users Tuesday to stop interacting with the protocol after its front-end interface was compromised. Classic Tuesday.

Attackers gained control of the website domain, redirecting visitors to a malicious site designed to steal funds through malicious transfer approvals. The backend and APIs remained untouched, though the team paused them as a precaution. So the smart contracts were fine, but apparently nobody told the DNS provider. Security through decentralization only works when you forget about the centralized parts.

"I don't know what to do anymore," one user wrote in the project's Discord, claiming losses exceeding $50,000. "I have no money at all." And there it is, folks—the exact moment a front-end hack becomes a life event. These Discord posts age like milk in a bear market.

The team confirmed a small number of users signed malicious approvals for minimal amounts, with cybersecurity researcher Vladimir S. estimating around $500,000 drained from a handful of addresses so far. Minimal amounts, he says, like that's supposed to make someone feel better. "Don't worry, you only lost enough to cover rent this quarter."

Martin Köppelmann, co-founder of Gnosis, noted the attack's scope appears limited to users who approved CoW Swap interactions within the past few hours. So if you've been sleeping on your CoW Swap positions lately, congratulations on your unintended cold storage strategy.

The incident reflects a broader trend. Curve Finance also suffered a front-end compromise Tuesday, with attackers redirecting traffic to a malicious IP. The project told Decrypt that DNS hijacks targeting crypto infrastructure have increased noticeably in recent weeks. It seems like every week there's a new DNS drama. At this point, maybe we should just start calling them DDoNS—you know, DNS-driven degen nights.

CoW Swap, a protocol favored by Ethereum co-founder Vitalik Buterin, expects a full incident assessment later this week. In the meantime, the rest of us will be here, refreshing our dashboards, triple-checking URLs, and wondering why we ever left the safety of our CEX accounts. On second thought, no we won't, because this is crypto and we never learn.