Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
CoW Swap Pauses Protocol After Website Domain Compromise Triggers Front-End Attack
CoW Swap has warned users not to use the platform after its website domain was compromised in a front-end attack.
The protocol said its backend and APIs were not affected, but it paused them temporarily as a precaution.
CoW Swap has temporarily paused its protocol after a front-end compromise exposed users to the risk of malicious transaction approvals, adding another reminder that in DeFi, the interface can be as vulnerable as the code underneath it.
The Ethereum-based decentralized exchange aggregator said Tuesday that attackers had gained control of the website domain users typically visit to access the protocol. That gave the bad actors a way to redirect traffic to a different site, where users could potentially be tricked into approving harmful transfers.
The protocol paused even though core systems were not hit
CoW Swap said the backend and APIs were not impacted, but the team chose to pause them anyway as a precaution while it worked to contain the incident. That decision matters. In practice, it suggests the project wanted to reduce any chance that a front-end problem could spill over into broader user harm while the situation was still being assessed.
The team’s public message was direct and unusually urgent. Users were told to avoid interacting with the protocol while the issue was being resolved.
That is often the hardest part of front-end attacks in DeFi. The smart contracts themselves may remain untouched, yet users can still lose funds if they sign the wrong approval through a compromised interface. The attack surface shifts from protocol logic to trust in the web layer.
A front-end exploit hits one of Ethereum’s better-known trading venues
The incident stands out because CoW Swap is not a marginal protocol. It is one of the more established Ethereum trading venues and has been publicly used by figures including Ethereum co-founder Vitalik Buterin.
That gives the episode broader significance than a routine website compromise. It underlines how much DeFi still depends on domains, interfaces and user-facing infrastructure that can become weak points even when the underlying contracts are secure.
For now, CoW Swap appears to be treating the breach as a containment problem first and a communications problem second. The question for users is simpler. Until the domain is fully secured again, the safest assumption is that the familiar interface cannot be trusted.