CoW DAO agrees to compensate victims of Cow.fi hijacking, claims due May 14



The CoW DAO approved CIP-86 to provide discretionary grants of up to 100% to victims of the Cow.fi domain hijack in April, with detailed claims due by May 14 and targeted payments by May 31.

Summary

The CoW DAO officially approved a user compensation plan for victims of the Cow.fi domain hijack in April, and is now requiring affected users to file claims by May 14. The decision follows a community vote on governance proposal CIP-86, which creates a discretionary grant program to compensate losses of up to 100% for users who were phished while the project’s domain registrar was under the attacker’s control.

Social engineering at the registrar layer

According to the CIP-86 proposal and the DAO’s post-mortem report, the incident occurred on April 14, 2026, when CoW Swap’s .fi domain registrar, Gandi SAS, was compromised in a social engineering attack. The attackers exploited registrar controls on DNS records used by CoW Swap’s AWS Route 53 servers, briefly taking over the Cow.fi domain for approximately 4.5 hours and redirecting users to a phishing website that mimicked the real interface.

During that window, a fake trading UI was presented to users who visited the hijacked domain and were tricked into signing malicious transactions, draining tokens from their wallets. The CoW DAO has repeatedly maintained that the smart contracts and back-end infrastructure of the CoW protocol were never compromised, and that the vulnerability was “entirely at the domain registrar layer and not in the protocol code.” The KuCoin incident report estimated user losses at around $1.2 million in USDC and other assets, a figure echoed by multiple follow-up analyses.

CIP-86: Discretionary grants and strict criteria

To address these losses, the CoW DAO community approved CIP-86, which establishes a one-time discretionary grant program funded by the DAO’s Legal Defense Reserve. Under the scheme, eligible victims can receive up to 100% compensation for verified losses, but the DAO stresses that the payments are voluntary “good faith” grants and do not constitute an admission of legal liability. The proposal also authorizes the core team to pursue legal action against third parties when necessary, including entities involved in the registrar supply chain attack.

CIP-86 sets stringent criteria for granting relief. Claimants must have interacted with the malicious contract during the hijacking period, prove a history of CoW Swap use prior to the attack, and provide sufficient on-chain evidence to link their losses to the phishing incident rather than to unrelated fraud. The summary hosted on Binance states that claims will be processed as “discretionary grants” rather than automatic payments, with a verification process comparing the data provided against on-chain records before any payment is authorized.

Claim process and May 14 deadline

The CoW DAO and its ecosystem channels are now urging affected users to submit claims before the May 14 deadline. To qualify, users must send an email to [email protected] with the subject line “CoW.Fi Domain Hijack Incident Discretionary Grant Claim,” including the address of the affected wallet, a list of the assets and amounts drained, a hash of the relevant transactions, and the name of the claimant. Once support staff match the claim against on-chain data, users will receive a follow-up email outlining any additional steps, which may include KYC checks before funds are released.

The CIP-86 timeline anticipates that all valid claims will be submitted by May 14, reviewed over the following weeks, and paid by May 31, taking into account the DAO treasury and verification results. For CoW DAO, this episode became a case study in how DeFi protocols can respond to off-chain supply chain attacks: by treating domain-level security as critical infrastructure, decoupling protocol integrity from web-layer exploits, and using governance to allow voluntary, time-bound restitution without rewriting on-chain history.


