CoW Swap báo cáo tổn thất 1,2 triệu USD sau cuộc tấn công chiếm quyền kiểm soát tên miền

The Huoxing Finance report, according to official statements, the post-mortem report on the CoW Swap attack revealed that its domain cow.fi was subjected to a supply chain attack on April 14, 2026, when attackers infiltrated the .fi domain registration process via social engineering and hijacked DNS resolution, causing users accessing swap.cow.fi to be redirected to phishing sites during several hours. During the incident, the attackers deployed a forged transaction interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report confirmed that the incident did not compromise CoW Protocol’s on-chain contracts, backend systems, or user fund security; core infrastructure and services such as AWS and Vercel were not breached. The attack occurred during the domain registration and transfer process, with attackers gaining control by submitting forged identity documents and exploiting vulnerabilities in the registration workflow, briefly altering the domain’s DNS指向. The team identified the anomaly and initiated an emergency response within 19 minutes, subsequently migrating to cow.finance and completing domain recovery within approximately 26 hours. The CoW team stated that affected users were primarily those who accessed the official website during the period of domain hijacking, with preliminary estimated losses of around $1.2 million. Currently, cow.fi has been reactivated with enhanced security measures such as RegistryLock, and the team has initiated external security audits, legal accountability actions, and potential user compensation plans. The official emphasized that the vulnerability has been patched and plans to improve the security of domain infrastructure through governance and industry collaboration.