I appreciate the clarification on funded‑by eligibility, and I want to expand slightly on why this criterion is both practical and straightforward to verify.
When a drained wallet is funded by another wallet that previously used CoW Swap, the verification process is entirely on‑chain and requires no subjective interpretation. The CoW team can simply follow the funded‑by chain step‑by‑step through n intermediary wallets until it reaches a known endpoint such as a centralized exchange (for example, Coinbase). This is a deterministic process: every hop is visible, timestamped, and cryptographically linked.
If any wallet in that funding chain executed at least one CoW Swap trade before the DNS hijack, then the user clearly satisfies the “CoW nexus” requirement. It shows that the drained wallet did not appear out of nowhere—it inherits provenance from an address with established CoW Swap activity.
And if additional assurance is needed, the claimant can cryptographically sign a message from any wallet in that funded‑by chain to prove ownership. This removes ambiguity and ensures that only legitimate users—not unrelated third parties—can claim a connection to those addresses.
This approach keeps the criteria strict, verifiable, and resistant to abuse, while still accommodating normal user behavior such as rotating to fresh wallets for security or operational reasons.
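The funded-by walk described in this post, as an added example that is not part of the original post or CoW's own tooling: it follows first funders over a small constructed ledger until it hits a known endpoint, a dead end, a loop or a hop limit, then checks every wallet on the chain for a CoW Swap trade before the cutoff. The addresses, timestamps, the `HIJACK_TS` value and the rule that "funded by" means the sender of the earliest incoming transfer are all assumptions; the ownership signature check is left out.

```python
# Added example; every address, timestamp and transfer here is constructed.
from dataclasses import dataclass

HIJACK_TS = 1_000_000             # placeholder cutoff, not the real incident time
KNOWN_ENDPOINTS = {"0xEXCHANGE"}  # labelled endpoint, e.g. an exchange hot wallet

@dataclass(frozen=True)
class Transfer:
    ts: int
    sender: str
    recipient: str

TRANSFERS = [
    Transfer(100, "0xEXCHANGE", "0xA"),
    Transfer(200, "0xA", "0xB"),
    Transfer(300, "0xB", "0xDRAINED"),
    Transfer(350, "0xSTRANGER", "0xDRAINED"),  # later deposit, not first funder
    Transfer(400, "0xX", "0xY"),               # 0xX and 0xY fund each other
    Transfer(410, "0xY", "0xX"),
    Transfer(500, "0xSTRANGER", "0xLATE"),
]
# address -> timestamps of its settled CoW Swap trades (constructed)
COW_TRADES = {"0xA": [150], "0xSTRANGER": [HIJACK_TS + 10]}

def first_funder(addr, transfers):
    """Assumption: 'funded by' means the sender of the earliest incoming transfer."""
    incoming = [t for t in transfers if t.recipient == addr]
    return min(incoming, key=lambda t: t.ts).sender if incoming else None

def funded_by_chain(start, transfers, endpoints, max_hops=10):
    """Walk first funders from start; return (wallets visited, stop reason)."""
    chain = [start]
    for _ in range(max_hops):
        funder = first_funder(chain[-1], transfers)
        if funder is None:
            return chain, "no_funder"
        if funder in endpoints:
            return chain, "endpoint"  # the endpoint itself is never a claimant wallet
        if funder in chain:
            return chain, "cycle"
        chain.append(funder)
    return chain, "max_hops"

def check_claim(wallet):
    """Return (has_nexus, chain, stop_reason) for a drained wallet."""
    chain, reason = funded_by_chain(wallet, TRANSFERS, KNOWN_ENDPOINTS)
    nexus = any(ts < HIJACK_TS for w in chain for ts in COW_TRADES.get(w, []))
    return nexus, chain, reason
```

Returning the stop reason alongside the result lets a reviewer separate chains that resolved to a known endpoint from ones that ended in a loop, a dead end or the hop limit.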