Ethereum-based decentralized exchange aggregator CoW Swap has temporarily paused its protocol due to a front-end compromise. The attack allowed malicious actors to direct users to fake websites, leading to the approval of fraudulent transactions.
While the underlying smart contracts remain unaffected, the project's backend and APIs were temporarily halted as a precautionary measure. Initial reports indicate that a significant number of users may have lost funds through malicious approvals made in the hours preceding the discovery of the exploit.
Cybersecurity researchers estimate that approximately $500,000 has been drained from users so far. CoW Swap is actively investigating the extent of the losses and verifying user reports. The platform has assured users that a more comprehensive assessment will be released shortly. Experts note that this type of DNS hijack, mimicking legitimate DeFi projects, has occurred with other platforms in the past.