Blockaid flags CoW Swap’s cow.fi frontend as malicious, urging users to revoke token approvals and avoid the dApp amid a broader wave of DeFi interface attacks.
Summary
- Blockaid flags CoW Swap’s main cow.fi frontend as malicious.
- Users are urged to revoke token approvals and avoid the dApp immediately.
- Incident highlights growing wave of DeFi frontend attacks across major protocols.
Blockchain security firm Blockaid has warned that CoW Swap’s primary website COW.FI has been compromised in a suspected frontend attack, marking the latest high‑profile exploit attempt against a major DeFi trading interface.
In an alert shared on X, Blockaid said its system “has detected a front-end attack targeting Cowswap” and confirmed that the cow.fi domain has been flagged as malicious inside Blockaid‑integrated wallets, advising users “to refrain from signing transactions and avoid interactions with the dApp until the issue is resolved.”
Following the warning, CoW Swap community channels and independent security commentators urged traders who had connected wallets to CoW Swap to immediately revoke any outstanding token approvals and to stop interacting with the platform’s frontend until further notice, even though underlying smart contracts have not been reported as compromised.
🚨 Community Alert:
Blockaid’s system has identified a front-end attack on @CoWSwap.
The site cow[.]fi has been flagged as malicious.
Avoid any interactions with the dApp immediately. pic.twitter.com/QKGk3DtPjH
— Blockaid (@blockaid_) April 14, 2026
Blockaid alert adds to DeFi frontend attack wave {#blockaid-alert-adds-to-defi-frontend-attack-wave}
Blockaid’s latest alert comes amid a surge in so‑called frontend hijacks, where attackers compromise a project’s website or DNS rather than its on‑chain contracts, silently swapping legitimate transaction prompts for malicious ones that drain user wallets.linkedin+1
In February, Blockaidreported a similar frontend attack on tokenization platform OpenEden, warning users to “refrain from signing transactions and avoid interactions with the dApp until the issue is resolved,” while separate incidents have recently hit lending protocol Curvance and asset manager Maple Finance.
As highlighted in CoW Swap’s own DeFi security guides, these attacks target “people, devices, and transaction behavior instead of only attacking code,” making basic hygiene like checking URLs, using browser bookmarks and monitoring token approvals critical for retail and professional users alike.
Security platforms such as Kerberus and Revoke‑style tools recommend users regularly audit and revoke token approvals after any suspected incident, noting that revocation “only removes future permission for that contract to move your tokens” and cannot recover funds already drained.
ForDeFi traders, the CoW Swap incident underscores a lesson that keeps recurring in crypto.news coverage of exchange exploits, bridge hacks and protocol drains: even when audited smart contracts remain intact, a single compromised frontend can still turn a routine swap into a total wallet loss if users sign blind.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
RedPeach Implements Facial Recognition Tests to Ban Sex Robots and Fake Creators
RedPeach has introduced mandatory facial recognition for content creators to combat impersonation by AI and outsourced chatters, ensuring genuine interactions. CEO Marco Cally emphasizes user protection against emotional scams, following legal challenges in the industry.
GateNews1h ago
Bitcoin Core Developers Propose BIP-361 to Freeze 1.7M Early BTC Against Quantum Computing Threats
BIP-361, proposed by co-authors including Jameson Lopp, aims to secure early Bitcoin by migrating 1.7 million coins from weak P2PK addresses to stronger formats, allowing 3-5 years for users before freezing untransferred coins. Community responses vary significantly.
GateNews6h ago
CoW Swap Recovers cow.fi Domain After Social Engineering Attack on April 14
CoW Swap regained control of its cow.fi domain after a social engineering attack that occurred on April 14. The attackers used forged documents to manipulate the DNS registrar and deploy a phishing site. Users affected by the incident are advised to revoke transaction approvals and transfer funds.
GateNews7h ago
Florida and Massachusetts jointly recover $5.4 million in cryptocurrency scam assets
The Florida State Attorney’s Office and the Marion County Sheriff’s Office jointly recovered $5.4 million in cryptocurrency scam funds, involving an investment fraud scheme that used romance as a cover. Some of the funds have been returned to victims in Florida and Massachusetts. Since its inception, CFEU has recovered $7.2 million, and another $12.6 million in assets remains frozen. Massachusetts has also carried out multiple law-enforcement actions, shutting down scam websites and recovering funds.
MarketWhisper9h ago
Florida and Massachusetts Recover $5.4M in Crypto Fraud Assets from Romance Scam Scheme
Authorities in Florida and Massachusetts recovered $5.4 million in cryptocurrency from romance scam-related investment fraud, with victims receiving partial refunds. Ongoing efforts continue against crypto fraud, with additional assets under litigation.
GateNews10h ago
Crypto’s most ridiculous robbery? A hacker minted $1 billion in DOT tokens, but only stole $230k
Hackers exploited the Hyperbridge cross-chain bridge vulnerability to mint 1 billion Polkadot (DOT) tokens. The nominal value was over $1.19 billion, but due to insufficient liquidity, they ultimately cashed out only about $237k. The attack was successful because the smart contract did not properly verify messages, allowing the hackers to steal administrative control and mint coins. The incident highlights the key role of market liquidity in the success of arbitrage.
CryptoCity23h ago
