The Ethereum Foundation uses it too! The CoW Swap frontend was hacked, and DeFi leaders advise revoking approvals


CoW Swap, one of the core foundational infrastructures for Ethereum DeFi, reportedly suffered a security incident on April 14. The official statement said that its front-end website was subjected to DNS hijacking (domain hijacking), which could expose users to phishing risks, and it urgently called on users to pause using the platform.

On X, the team said: “Right now, there is an issue with the CoW Swap front end. Until the investigation is completed, do not use it.” A senior DeFi veteran also advised that all users who carried out any actions after 14:54 UTC on the same day should immediately revoke their approvals.

Front end hijacked: The protocol isn’t broken, but the risk is still high

This incident is a typical “front-end attack”: attackers take control of the website entry point to lead users into interacting with malicious contracts, rather than directly compromising the protocol itself. CoW DAO later explained that its back-end protocols and API are still safe, but out of caution it has temporarily stopped the service. It has not yet confirmed whether any users’ assets have been affected, and attacks like this are often difficult to detect in time. The main risk is that users are phished into granting permissions over their assets.

What is CoW Swap: collect transactions first, then price them against each other

CoW Swap is a decentralized trading protocol based on intents, and it is also a DEX aggregator. Unlike traditional decentralized exchanges, it does not put users’ trades on-chain immediately. Instead, it collects orders over a period of time and performs “batch auctions.”

In simple terms, you can think of it like this: “First, collect everyone’s buy/sell orders, and then use competitive bidding to find the best execution path.” Its core mechanisms include solver competition to execute orders, cross-DEX price discovery, and the “Coincidence of Wants” matching logic: if two users’ trade directions happen to complement each other, they can in some cases be matched directly, which reduces slippage and improves price efficiency.

Why it went viral in DeFi: a representative anti-MEV design

CoW Swap became popular in the DeFi space largely due to its design aimed at countering MEV (maximal extractable value). Traditional DEX trades are exposed in the public mempool, making them susceptible to front-running or sandwich attacks. CoW, by contrast, uses batch auctions and private order collection to greatly reduce the chances that arbitrage bots intercept transactions.

Backed by the Ethereum Foundation: entering an institutional-grade trading environment

In April 2026, the Ethereum Foundation announced that, through CoW DAO’s TWAP (time-weighted average price) mechanism, it would convert 5,000 ETH to stablecoins in batches to fund development and operating expenses.

According to DeFiLlama data, CoW Swap’s trading volume over the past 30 days was around $3.5 billion, with cumulative fee revenue of about $50 million.

Even though this incident is currently limited to the front end, what the market is focused on is its potential ripple effects. Since CoW Swap is widely integrated into multiple DeFi protocols, risks could impact the applications that rely on its execution layer. At the same time, any protocols that use intent-based designs, solver auctions, or batch execution mechanisms may also be scrutinized for their security design. However, it’s important to emphasize that events like this usually fall under “entry-layer risk” and do not necessarily mean systemic vulnerabilities across the entire Ethereum or DEX ecosystem.

DeFi veterans warn: if you have no actions to perform, revoke everything

As the incident continues to develop, a senior DeFi player suggested: if you don’t currently have any on-chain actions you need to perform, you should fully revoke all approvals. The reason is that in many asset-theft cases, the assets are not stolen because contracts were broken into; rather, users have unknowingly granted malicious contracts permission to move their assets. When the front end is hijacked, even if the protocol itself is safe, any approval you granted through that entry point may leave residual risk.
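To make the revocation advice concrete, the following added example (not from the article or from CoW Swap) replays a wallet's ERC-20 Approval logs, keeps the allowances that are still live, and builds approve(spender, 0) calldata for any granted at or after the 14:54 UTC cutoff to a spender outside a trusted list. The log record shape, the year in the cutoff and every address are constructed assumptions.

```python
from datetime import datetime, timezone

# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # function selector of approve(address,uint256)
# Cutoff from the article (14:54 UTC, April 14); the year is an assumption.
CUTOFF = int(datetime(2026, 4, 14, 14, 54, tzinfo=timezone.utc).timestamp())

def addr_of(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, owner):
    """Replay Approval logs in order; the last value per (token, spender) wins."""
    state = {}
    for log in logs:
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares topic0 but carries 4 topics
        if addr_of(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), addr_of(t[2]))
        state[key] = (int(log["data"], 16), log["timestamp"])
    return {k: v for k, v in state.items() if v[0] > 0}  # drop revoked entries

def revocations(logs, owner, trusted, cutoff=CUTOFF):
    """(token, calldata) pairs encoding approve(spender, 0) for suspect allowances."""
    trusted = {a.lower() for a in trusted}
    out = []
    for (token, spender), (_, ts) in sorted(live_allowances(logs, owner).items()):
        if ts >= cutoff and spender not in trusted:
            arg = spender[2:].rjust(64, "0")  # ABI-encode the address argument
            out.append((token, "0x" + APPROVE_SELECTOR + arg + "0" * 64))
    return out

# Constructed sample data: all addresses and timestamps below are made up.
OWNER = "0x" + "aa" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
KNOWN_SPENDER, UNKNOWN_SPENDER = "0x" + "cc" * 20, "0x" + "dd" * 20
MAX = "0x" + "f" * 64  # unlimited allowance

def mk(token, spender, value_hex, ts):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "timestamp": ts, "data": value_hex,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)]}

SAMPLE_LOGS = [
    mk(TOKEN_A, KNOWN_SPENDER, MAX, CUTOFF - 86400),    # old approval, trusted spender
    mk(TOKEN_A, UNKNOWN_SPENDER, MAX, CUTOFF + 120),    # after cutoff, unknown spender
    mk(TOKEN_B, UNKNOWN_SPENDER, MAX, CUTOFF + 180),    # after cutoff, unknown spender...
    mk(TOKEN_B, UNKNOWN_SPENDER, "0x0", CUTOFF + 600),  # ...already revoked later
]
```

Signatures made off-chain and not yet submitted leave no Approval log, so this replay covers only approvals already recorded on-chain.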

This article, “Even the Ethereum Foundation uses it! CoW Swap front end gets hacked; DeFi veterans recommend revoking approvals,” first appeared on Chain News ABMedia.
