CoW Swap Releases Full Post-Incident Report on Domain Hijacking Event, User Losses Estimated at Approximately $1.2 Million

Foresight News
Foresight News|Apr 17, 2026 06:18
Foresight News reports that CoW Swap has released a full post-incident report on the domain hijacking event. The nature of this incident was a supply chain attack: the attacker used social engineering tactics targeting the .fi domain registry Traficom and registrar Gandi SAS, successfully redirecting the domain's DNS to a Cloudflare server controlled by the attacker, providing a phishing website to users for several hours. CoW Protocol's smart contracts, backend APIs, solver network, and signature infrastructure were not affected; the attack occurred entirely at the domain registration supply chain level. The team detected the issue within 19 minutes and completed the service migration to cow.finance in approximately 3.5 hours. The domain was fully restored on April 15 and RegistryLock has been enabled. Preliminary analysis estimates user losses at approximately $1.2 million.
+3
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads