Share this article
Popular DeFi platform warns users to stay away from its site after security breach
The team that helps operate the platform, CoW Swap, said that it was working to resolve the issue for the DEX aggregator.
Apr 14, 2026, 6:27 p.m.
What to know:
- CoW Swap temporarily paused its platform after a DNS hijacking attack redirected users from its website, warning traders to avoid the interface while the issue is being resolved.
- The protocol’s core systems were not compromised, but the incident highlights ongoing security risks around web front-ends in DeFi platforms like CoW Swap, which aggregates liquidity and optimizes trades via competing solvers.
DNS hijacking allows attackers to redirect users from a legitimate domain to a malicious lookalike site, often with the goal of draining crypto wallets or harvesting private data. The attack vector has become a persistent weak point in decentralized finance, where users typically rely on web-based interfaces to access otherwise secure smart contracts.
CoW Swap operates as a decentralized exchange aggregator, sourcing liquidity across venues and using a mechanism known as “Coincidence of Wants” to match trades directly between users or batch them for more efficient execution. Orders are handled by competing “solvers” that optimize trade outcomes, a design intended to reduce slippage and limit exposure to maximal extractable value (MEV).
