Revoke.cash logo

CoW Swap DNS Hijack

Check if your address is affected.

14 Apr 2026
Unknown stolen
Ethereum Logo
BNB Chain Logo
Polygon Logo
Base Logo
Arbitrum Logo
Gnosis Chain Logo
Plume Logo
Gravity Alpha Logo

On the 14th of April 2026, malicious actors were able to compromise the DNS records of the popular DEX CoW Swap. This allowed them to redirect users to a malicious website that stole users' funds. We've made a list of addresses that we know belong to the attackers, but keep in mind that there might be more, so even if the exploit checker shows no results, do make sure to check for any approvals made on the 14th of April.

Affected users remain at risk as long as they haven't revoked their approvals, so it is recommended to use the Revoke.cash Exploit Checker below to make sure that you're safe.

Sources:x.com

Next time, revoke it automatically

Revoke Ultimate monitors your approvals around the clock and revokes them automatically when an exploit like this one is identified, even while you sleep.

See how Auto-Revoking works
Get Ultimate
Back to Exploits