CoW Swap users warned after Blockaid flags COW.FI frontend attack
Blockaid flags CoW Swap’s cow.fi frontend as malicious, urging users to revoke token approvals and avoid the dApp amid a broader wave of DeFi interface attacks.
- Blockaid flags CoW Swap’s main cow.fi frontend as malicious.
- Users are urged to revoke token approvals and avoid the dApp immediately.
- Incident highlights growing wave of DeFi frontend attacks across major protocols.
Blockchain security firm Blockaid has warned that CoW Swap’s primary website COW.FI has been compromised in a suspected frontend attack, marking the latest high‑profile exploit attempt against a major DeFi trading interface.
In an alert shared on X, Blockaid said its system “has detected a front-end attack targeting Cowswap” and confirmed that the cow.fi domain has been flagged as malicious inside Blockaid‑integrated wallets, advising users “to refrain from signing transactions and avoid interactions with the dApp until the issue is resolved.”
Following the warning, CoW Swap community channels and independent security commentators urged traders who had connected wallets to CoW Swap to immediately revoke any outstanding token approvals and to stop interacting with the platform’s frontend until further notice, even though underlying smart contracts have not been reported as compromised.
Blockaid alert adds to DeFi frontend attack wave
Blockaid’s latest alert comes amid a surge in so‑called frontend hijacks, where attackers compromise a project’s website or DNS rather than its on‑chain contracts, silently swapping legitimate transaction prompts for malicious ones that drain user wallets.linkedin+1
In February, Blockaid reported a similar frontend attack on tokenization platform OpenEden, warning users to “refrain from signing transactions and avoid interactions with the dApp until the issue is resolved,” while separate incidents have recently hit lending protocol Curvance and asset manager Maple Finance.
As highlighted in CoW Swap’s own DeFi security guides, these attacks target “people, devices, and transaction behavior instead of only attacking code,” making basic hygiene like checking URLs, using browser bookmarks and monitoring token approvals critical for retail and professional users alike.
Security platforms such as Kerberus and Revoke‑style tools recommend users regularly audit and revoke token approvals after any suspected incident, noting that revocation “only removes future permission for that contract to move your tokens” and cannot recover funds already drained.
For DeFi traders, the CoW Swap incident underscores a lesson that keeps recurring in crypto.news coverage of exchange exploits, bridge hacks and protocol drains: even when audited smart contracts remain intact, a single compromised frontend can still turn a routine swap into a total wallet loss if users sign blind.
