CoW Swap frontend flagged in potential attack, users warned to avoid platform

The CoW Swap frontend has been flagged for a potential security incident, with multiple ecosystem participants urging users to avoid interacting with the platform. Blockchain security firm Blockaid first raised the alert on 14 April, stating that its systems had identified a frontend attack on CoW Swap. The domain cow.fi was flagged as malicious, with users advised to revoke wallet approvals and avoid any interaction with the application. Shortly after, CoW Swap's DAO confirmed the issue, saying it was investigating a problem affecting its frontend at swap.cow.fi. The team urged users not to use the platform until the issue is resolved. Issue appears isolated to frontend Early indications suggest the incident is limited to the frontend interface rather than the underlying protocol. Aave also acknowledged the situation, clarifying that the attack does not affect its own interface or protocol. As a precaution, Aave said CoW Swap endpoints for integrators have been temporarily disabled. Frontend attacks typically involve malicious code injected into a website interface, potentially tricking users into signing harmful transactions, even when core smart contracts remain secure. Users urged to take precautions Security alerts emphasized immediate user action, particularly for those who may have recently interacted with the platform. Recommended steps include: revoking token approvals from connected wallets avoiding further interaction with the affected frontend monitoring wallets for suspicious activity At the time of writing, CoW Swap has not disclosed the full scope or cause of the issue, and investigations are ongoing. A growing pattern of exploit activity The CoW Swap incident adds to a growing list of security breaches across the crypto ecosystem this month. This highlights persistent vulnerabilities across both frontend interfaces and core infrastructure. On 13 April, the Hyperbridge Token Gateway exploit allowed an attacker to mint roughly 1 billion bridged DOT tokens on Ethereum, which were quickly dumped for profit.  While losses were relatively limited at around $237,000, the incident exposed weaknesses in cross-chain verification logic and bridge design. Earlier in the month, the scale was far more severe. Drift Protocol suffered a major exploit on 1 April, with losses estimated at over $280 million, making it the largest DeFi hack of 2026 so far. Investigations suggest a traditional smart contract bug did not cause the Drift attack, but rather a governance-level compromise. The attackers gained privileged access and executed pre-approved transactions to drain funds. Together, these incidents point to a shifting threat landscape. While earlier DeFi exploits often focused on code vulnerabilities, recent attacks have increasingly targeted frontends, governance systems, and cross-chain infrastructure — areas that are harder to secure and often rely on human processes as much as code. Final Summary CoW Swap's frontend has been flagged in a potential attack, with users advised to avoid the platform. Early signals suggest the issue is limited to the interface, not the underlying protocol. Still, risks remain for users who interact with the site.