CoW Swap, an Ethereum DeFi exchange aggregator, has paused its protocol after a front-end compromise led to an estimated $500,000 in losses for users. The underlying smart contracts remain unaffected, but users are advised to revoke approvals made on the platform.
Users should revoke all approvals made on CoW Swap after 14:54 UTC today. Tools like make this easy to do.
— CoW DAO (@CoWSwap) April 14, 2026 “I don't know what to do anymore,” said one user who claimed that they lost more than $50,000 via CoW Swap’s compromised front end. “I have no money at all.” Despite apparent frustrations, the scope of losses sustained wasn’t immediately clear. A pseudonymous member of the CoW Swap team who goes by MooKeeper told *Decrypt* that reports are actively being investigated and verified. They added that a more complete assessment would be released tomorrow or later this week. “We have evidence that a small number of users signed malicious approvals for very small amounts,” MooKeeper added. Still, a noted cybersecurity researcher who goes by Vladimir S. on X said that around $500,000 worth of digital assets had been “drained from a few addresses so far.” Martin Köppelmann, co-founder and CEO of decentralized infrastructure provider Gnosis, noted in a to X that the attack’s scope appears limited. He said that users are potentially affected only if they approved interactions with CoW Swap within the past few hours. Websites that try to trick users by mimicking established DeFi projects aren’t entirely uncommon. Last year, for example, Curve Finance its second DNS hijack. The first one, which took place in 2022, resulted in $570,000 in losses for users. Buterin, who has swapped notable amounts of Ethereum for stablecoins using CoW Swap this year, had engaged with the protocol as recently as a week ago, data from on-chain analytics firm Arkham Intelligence . In 2024, he also used the decentralized exchange aggregator to holdings of a meme coin modeled on a baby pygmy hippo from Thailand.
CoW Swap's front-end interface was compromised, prompting the team to pause the protocol as a precaution.
Cybersecurity researchers estimate that approximately $500,000 worth of digital assets have been drained from users due to the attack.
Users are advised to revoke all approvals made on CoW Swap after the attack was disclosed to prevent further losses.
World Liberty Financial's WLFI token may drop 20% in April due to bearish market indicators and insider trading allegations. The token is currently forming a bear flag pattern, suggesting further declines.
Trump's upcoming meme coin event sees VIP access drop 90% in price!
Spot XRP ETFs attract $9.1 million in inflows, signaling renewed interest.
STRC Stock Achieves Record $1.1B Daily Trading Volume
Paxos Labs secures $12M to enhance its crypto Amplify platform
Bitcoin briefly hits $76K, raising concerns of a bull trap amid macroeconomic factors.
See every story in Crypto — including breaking news and analysis.