Blockaid has flagged a front end attack affecting CoW Swap, warning users that cow.fi had been marked as malicious and urging anyone who connected a wallet to revoke token approvals and avoid interacting with the app.

🚨 Community Alert:

Blockaid's system has identified a front-end attack on @CoWSwap.

The site cow[.]fi has been flagged as malicious.

If your wallet is connected, revoke approvals and avoid any interactions with the dApp immediately. pic.twitter.com/xGGmY53RMR

— Blockaid (@blockaid_) April 14, 2026

The alert added fresh concern around one of DeFi’s better known trading interfaces, which routes swaps across multiple liquidity sources.

🚨🚨

We are currently experiencing an issue with the CoW Swap frontend (https://t.co/GPQ8bBzftU). While we are investigating, please DO NOT use CoW Swap.

— CoW DAO (@CoWSwap) April 14, 2026

CoW Swap also acknowledged the issue, saying it was experiencing a problem with its front end and urging users not to use the platform for the moment.

CoW Swap is the main trading interface built on CoW Protocol, a decentralized trading system that uses batch auctions and a network of competing solvers to find execution across onchain liquidity venues.

The protocol markets itself around MEV protection and currently supports activity across major networks including Ethereum, Base, Polygon, Arbitrum, Gnosis, Avalanche, BNB, Linea, Plasma, and Ink.

CoW Swap later said the incident was caused by a DNS hijacking that began at 14:54 UTC. The team said the protocol’s backend and APIs were not impacted, though they were temporarily paused as a precaution, and urged users to avoid swap.cow.fi until further notice. CoW Swap also said users should revoke any approvals made after 14:54 UTC using tools such as revoke.cash.

This is a developing story and will be updated as more details emerge.