Blockaid flags CoW Swap’s cow.fi frontend as malicious, urging users to revoke token approvals and avoid the dApp amid a broader wave of DeFi interface attacks.
Summary
- Blockaid flags CoW Swap’s main cow.fi frontend as malicious.
- Users are urged to revoke token approvals and avoid the dApp immediately.
- Incident highlights growing wave of DeFi frontend attacks across major protocols.
Blockchain security firm Blockaid has warned that CoW Swap’s primary website COW.FI has been compromised in a suspected frontend attack, marking the latest high‑profile exploit attempt against a major DeFi trading interface.
In an alert shared on X, Blockaid said its system “has detected a front-end attack targeting Cowswap” and confirmed that the cow.fi domain has been flagged as malicious inside Blockaid‑integrated wallets, advising users “to refrain from signing transactions and avoid interactions with the dApp until the issue is resolved.”
Following the warning, CoW Swap community channels and independent security commentators urged traders who had connected wallets to CoW Swap to immediately revoke any outstanding token approvals and to stop interacting with the platform’s frontend until further notice, even though underlying smart contracts have not been reported as compromised.
🚨 Community Alert:
Blockaid’s system has identified a front-end attack on @CoWSwap.
The site cow[.]fi has been flagged as malicious.
Avoid any interactions with the dApp immediately. pic.twitter.com/QKGk3DtPjH
— Blockaid (@blockaid_) April 14, 2026
Blockaid alert adds to DeFi frontend attack wave {#blockaid-alert-adds-to-defi-frontend-attack-wave}
Blockaid’s latest alert comes amid a surge in so‑called frontend hijacks, where attackers compromise a project’s website or DNS rather than its on‑chain contracts, silently swapping legitimate transaction prompts for malicious ones that drain user wallets.linkedin+1
In February, Blockaidreported a similar frontend attack on tokenization platform OpenEden, warning users to “refrain from signing transactions and avoid interactions with the dApp until the issue is resolved,” while separate incidents have recently hit lending protocol Curvance and asset manager Maple Finance.
As highlighted in CoW Swap’s own DeFi security guides, these attacks target “people, devices, and transaction behavior instead of only attacking code,” making basic hygiene like checking URLs, using browser bookmarks and monitoring token approvals critical for retail and professional users alike.
Security platforms such as Kerberus and Revoke‑style tools recommend users regularly audit and revoke token approvals after any suspected incident, noting that revocation “only removes future permission for that contract to move your tokens” and cannot recover funds already drained.
ForDeFi traders, the CoW Swap incident underscores a lesson that keeps recurring in crypto.news coverage of exchange exploits, bridge hacks and protocol drains: even when audited smart contracts remain intact, a single compromised frontend can still turn a routine swap into a total wallet loss if users sign blind.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
French Authorities Boost Security for Crypto Executives Amid Kidnapping Threats
French authorities are enhancing security for digital-asset executives and investors due to recent kidnappings. Following these threats, police escorted Paris Blockchain Week attendees, and protective measures for crypto holders are being developed.
GateNews37m ago
Zonda Exchange Discloses 4,500 BTC Cold Wallet as Private Keys Remain Untransferred
Zonda, a Polish crypto exchange, revealed a cold wallet with 4,503 BTC amid a withdrawal crisis. CEO Przemysław Kral addressed fund misappropriation allegations and promised legal action against false claims, emphasizing that private keys were never transferred due to the former CEO's disappearance.
GateNews1h ago
The OneCoin Ponzi scheme begins restitution, with the U.S. Department of Justice setting aside $40 million to compensate victims
The OneCoin Ponzi scheme was founded by Ruja Ignatova in 2014, attracting 3.5 million investors and scamming about $4 billion. The U.S. Department of Justice will provide $40 million in compensation for victims, the founder has gone missing, is listed as the FBI’s No. 1 most-wanted fugitive, and the case has prompted cooperation among law enforcement agencies worldwide, resulting in sanctions against several co-conspirators.
ChainNewsAbmedia1h ago
Rhea Finance Suffers Attack, Loses Approximately $7.6M
Rhea Finance experienced a security breach where an attacker created fake token contracts and manipulated liquidity pools, misleading the oracle system and extracting at least $7.6 million in assets.
GateNews2h ago
Ukraine Dismantles International Cybercrime Ring, Seizes $3M in Cryptocurrency
A suspect connected to an international cybercriminal group was arrested in Ukraine for $100 million in fraud and money laundering. Police seized $11 million in assets and $3 million in cryptocurrency. The suspect faces charges for document forgery and money laundering.
GateNews4h ago
DeFi Sector Faces Multiple Pressures as Yields Fall and $285M Hack Raises Security Concerns
Decentralized finance (DeFi) is under pressure as lending yields drop to levels similar to traditional bonds, blockchain activity declines, and a significant hack raises security concerns, challenging claims of institutional-grade safety.
GateNews4h ago
