The team that helps operate the platform, CoW Swap, said that it was working to resolve the issue for the DEX aggregator.
DNS hijacking allows attackers to redirect users from a legitimate domain to a malicious lookalike site, often with the goal of draining crypto wallets or harvesting private data. The attack vector has become a persistent weak point in decentralized finance, where users typically rely on web-based interfaces to access otherwise secure smart contracts.
CoW Swap operates as a decentralized exchange aggregator, sourcing liquidity across venues and using a mechanism known as “Coincidence of Wants” to match trades directly between users or batch them for more efficient execution. Orders are handled by competing “solvers” that optimize trade outcomes, a design intended to reduce slippage and limit exposure to maximal extractable value (MEV).
MEV is a practice on the blockchain where bots reorder transactions to extract profit at users’ expense, making mitigation key to ensuring fair pricing and protecting traders.
The platform is governed by CoW DAO, a decentralized autonomous organization spun out of the Gnosis ecosystem. The project has positioned itself as a user-protective alternative in DeFi trading, emphasizing execution quality and fairer trading outcomes
We are now actively working to resolve the situation. Please continue to refrain from using swap dot cow dot fi until we confirm that it is safe to use,” the team wrote on X.