CoW Swap Regains Control of cow.fi Domain After Social Engineering Attack

CoW Swap Regains Control of cow.fi Domain After Social Engineering Attack

First seen 16 Apr 2026, 05:45 UTC ThedefiantBitgetKucoinMexc 85% similarity 57.8

Article Content

Browse articles
ThreatCluster

On April 14, 2026, CoW Swap's cow.fi domain was compromised through a social engineering attack that deceived the DNS registrar with forged documents. The attacker created a phishing website that operated in two phases: first, tricking users into signing malicious transactions via a wallet drainer, and second, stealing mnemonic phrases and passwords through fake wallet pop-ups. This attack did not exploit CoW Swap's infrastructure or involve any private key leaks. Affected users are advised to use tools like Revoke.cash to revoke all approvals and consider transferring their funds to new wallets. As of April 16, CoW Swap has regained control of the cow.fi domain and is transitioning back from cow.finance. The incident highlights the vulnerabilities in domain registration processes and the importance of user vigilance against phishing attempts.

Key Points: • CoW Swap's cow.fi domain was compromised via social engineering on April 14, 2026. • The attack involved a two-phase phishing scheme targeting users' wallets and credentials. • Affected users are advised to revoke permissions and consider moving funds to new wallets.

ThreatCluster AI

Timeline

2026-04-14
Attacker gained control of cow.fi domain using forged documents.
2026-04-14
Phishing website launched to steal user credentials.
2026-04-16
CoW Swap regained control of cow.fi domain.
2026-04-16
CoW Swap announced transition back to cow.fi from cow.finance.

Community

Browse all →