Cow DAO Makes Users Whole After April Dns Hijack, Deadline May 14

@CoWSwap is reimbursing users affected by the April 14 DNS hijack of its cow.fi domain, even though the underlying protocol was never breached. Affected users have until Thursday, May 14, to file their claims.

What Happened

The hijack was detected at approximately 14:54 UTC on April 14, 2026. Attackers exploited weaknesses in the .fi domain registrar transfer process through a social engineering campaign targeting Finland's domain registry infrastructure. The result was a pixel-perfect phishing clone that remained live for roughly 4.5 hours. Users lost an estimated $1.2 million during the incident after attackers redirected the cow.fi domain to a phishing website that tricked visitors into signing malicious wallet transactions. That figure includes a single interception of 219 ETH from one trader's wallet.

Critically, the core smart contracts were never touched. This was a frontend attack, not a protocol-level exploit. A follow-up post at 16:24 UTC confirmed the DNS hijacking and noted that CoW Protocol's backend and APIs were not affected.

The Reimbursement Plan

CoW DAO has approved a proposal to reimburse users affected by the April 2026 cow.fi domain hijacking. The governance proposal authorizes a discretionary grants program for users who lost funds during the phishing attack, which stemmed from a registrar-level domain takeover rather than a compromise of CoW Protocol infrastructure.

The proposal allows eligible victims to receive up to 100% reimbursement for verified losses using funds from CoW DAO's Legal Defense Reserve. The payments remain voluntary and do not represent an admission of liability or legal fault. The document describes the grants as "ex gratia" payments, meaning CoW DAO provides them as a goodwill gesture rather than a legal obligation. Users who entered seed phrases into fake prompts are not eligible.

The DAO posted a public reminder Monday urging affected users to submit claims before the May 14 deadline. The broader incident is a pointed reminder of a structural tension in DeFi. The CoW Swap incident reinforces the mismatch between decentralized execution and centralized access points. Protocols may operate securely on-chain, but user interaction still depends on Web2 infrastructure that remains vulnerable to hijacking.

Sources:
CIP-86: Discretionary Grants Program for Victims of the cow.fi Domain Hijacking, CoW DAO Governance Forum
CoW DAO approves voluntary refunds despite no protocol breach in domain hijack, AMBCrypto
Cow Protocol Halts Trading After Frontend Domain Hijack, Bitcoin.com News