CoW Swap Urges Users Away From swap.cow.fi After Blockaid Alert
CoW Swap warned users to avoid swap.cow.fi after Blockaid flagged the cow.fi domain for malicious activity on April 14, 2026, urging wallet disconnection and approval revocation.
CoW Swap warned users on April 14, 2026 to stop using its frontend at swap.cow.fi after Web3 security firm Blockaid flagged the cow.fi domain for malicious activity. The protocol advised users to disconnect wallets and revoke token approvals while an investigation continues.
CoW Swap posted: “We are currently experiencing an issue with the CoW Swap frontend (https://swap.cow.fi). While we are investigating, please DO NOT use CoW Swap.” The team said it is investigating a possible compromise that could prompt users to sign transactions that drain their wallets.
Blockaid’s dApp scanning engine detected suspicious behavior on the cow.fi domain on April 14 and issued a public alert telling connected users to revoke approvals and stop interacting with the site immediately. Blockaid provides automated transaction screening for several wallets and DeFi platforms.
A compromised frontend does not change smart contracts. It can alter the user interface to inject transaction requests or approval prompts that look legitimate. If a user signs one of those transactions, an attacker can gain permission to move tokens out of the user’s wallet.
CoW Swap advised everyone to disconnect any wallets connected to swap.cow.fi, review recent transactions for suspicious approvals and revoke token allowances using tools such as Revoke.cash or Etherscan’s approval checker. Blockaid’s alert also recommended immediate revocation for anyone who had a wallet connected to the site.
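What such an approval looks like in a wallet's transaction history, and the call that cancels it, shown as an added example (not code from CoW Swap, Blockaid or this article). It assumes the standard ERC-20/ERC-721 function selectors; every address and the history list are constructed placeholders.

```python
# Added example. Selectors are the standard 4-byte function ids.
APPROVE = "095ea7b3"               # approve(address,uint256)
INCREASE_ALLOWANCE = "39509351"    # increaseAllowance(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def parse_approval(data_hex):
    """Decode calldata; return a dict for approval-type calls, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, word1, word2 = data[:8], data[8:72], data[72:]
    # Expect selector + two 32-byte ABI words, and an approval-type selector.
    if len(data) != 8 + 2 * 64 or selector not in (
            APPROVE, INCREASE_ALLOWANCE, SET_APPROVAL_FOR_ALL):
        return None
    try:
        addr, amount = int(word1, 16), int(word2, 16)
    except ValueError:
        return None
    if addr >> 160:  # an address is left-padded with 12 zero bytes
        return None
    return {"selector": selector, "spender": "0x" + word1[24:], "amount": amount,
            "unlimited": selector != SET_APPROVAL_FOR_ALL and amount == MAX_UINT256}

def build_revoke(call):
    """Calldata for approve(spender, 0) or setApprovalForAll(spender, false)."""
    selector = SET_APPROVAL_FOR_ALL if call["selector"] == SET_APPROVAL_FOR_ALL else APPROVE
    return "0x" + selector + call["spender"][2:].rjust(64, "0") + "0" * 64

def review(history, expected_spenders):
    """List (token, spender, revoke_calldata) for grants to spenders the user
    does not expect. expected_spenders holds lowercase hex addresses."""
    findings = []
    for token, data in history:
        call = parse_approval(data)
        if call is None or call["amount"] == 0:  # not an approval, or itself a revoke
            continue
        if call["spender"] not in expected_spenders:
            findings.append((token, call["spender"], build_revoke(call)))
    return findings

# Constructed sample data: placeholder addresses, not real contracts.
TOKEN, EXPECTED, UNKNOWN = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "ee" * 20

def _call(selector, spender, amount):
    return "0x" + selector + spender[2:].rjust(64, "0") + format(amount, "064x")

HISTORY = [(TOKEN, _call(APPROVE, EXPECTED, 10**18)),
           (TOKEN, _call(APPROVE, UNKNOWN, MAX_UINT256)),
           (TOKEN, _call("a9059cbb", UNKNOWN, 5)),  # transfer(): not an approval
           (TOKEN, _call(SET_APPROVAL_FOR_ALL, UNKNOWN, 1))]
```

The check flags every non-zero grant it sees in the history, so a grant that was later revoked is still listed; current allowances have to be read from the chain.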
At the time of the alert the COW token was trading near $0.22 with a market capitalization close to $120 million and had not shown a major sell-off. The risk remains for users who continue to interact with a potentially compromised frontend.
CoW Swap experienced a 2023 incident in which an exploiter drained more than $180,000 from the protocol’s settlement contract; that event affected the protocol rather than individual user funds. Frontend attacks have become a growing vector in decentralized finance; a 2025 incident that targeted a wallet provider’s frontend infrastructure resulted in roughly $1.5 billion in losses.
Investigators from CoW Swap and outside security teams are working to determine the scope of the compromise and how malicious code or a configuration change was introduced. Users should monitor CoW Swap’s official channels for updates and treat any transaction request from swap.cow.fi as potentially dangerous until the team issues an all-clear.