TechFlow News: On April 16, CoW Swap announced via Twitter that it has regained control of the cow.fi domain and has been operating normally on cow.finance for some time; it is now gradually transitioning back to the original domain.
The official statement explained that on April 14, attackers deceived the DNS registrar with forged documents to gain control of the cow.fi domain. The attackers deployed a highly realistic phishing site and executed the attack in two phases: first, using wallet stealers to trick users into signing malicious transactions; second, stealing seed phrases and passwords via fake wallet pop-ups. This attack targeted the domain registrar—not CoW Swap’s own infrastructure or private key leakage. Affected users should revoke all approvals using tools such as Revoke.cash and consider transferring their funds to a new wallet.
