A breakdown of DNS and BGP hijacking threats targeting DeFi and Web3 projects, using the April 2026 CoW Swap DNS exploit as a case study. Attackers modified DNS records to serve a phishing frontend with an embedded wallet drainer, resulting in $500k+ in losses within a two-hour window. The post identifies a pattern of attacks targeting .fi and .finance domains registered through certain providers like Gandi, and recommends migrating to mainstream TLDs. It advocates for enterprise-grade DNS protection via MarkMonitor and lists accessible alternatives like DigiBastion and Guardrail. Practical hardening steps include enabling registrar lock, DNSSEC, hardware security keys, API token rotation, and real-time domain monitoring.
Table of contents
The Recent CoW Swap DNS Exploit: A Wake-Up Call
A Troubling Pattern with .fi and .finance Domains