CoW Swap: The previous attack targeted the domain registrar rather than the private key leak; control of the cow.fi domain has been regained.

CoinFeed reported on April 16th that CoW Swap announced on its X platform that it has regained control of the cow.fi domain and that it has been operating normally on cow.finance for some time. It is currently gradually transitioning back to the original domain. Attackers gained control of the cow.fi domain on April 14th by forging documents and deceiving the DNS registrar. The attackers deployed a highly realistic phishing website, implementing the attack in two phases: first, they tricked users into signing malicious transactions using a wallet stealer; then, they stole the mnemonic phrase and password through a fake wallet pop-up. This attack targeted the domain registrar and was not related to CoW Swap's own infrastructure or a private key leak. Affected users should use tools such as Revoke.cash to revoke all authorizations and consider transferring funds to a new wallet.