Layerswap Recovers Domain After Hijack, Restores User Funds After $100,000 Loss
Layerswap, a platform facilitating cryptocurrency transfers between centralized exchanges and layer-2 blockchains, fell victim to a domain hijack incident resulting in a phishing scam that stole roughly $100,000 worth of crypto assets from around 50 users.
In a commendable response, Layerswap has pledged to fully refund the stolen funds to affected users. Additionally, they will offer a 10% bonus as compensation for the inconvenience caused by the attack.
Layerswap Hit by Domain Hijack and Phishing Attack, Vows to Refund Users
🛠 Layerswap March 20 incident
On March 20th, around 7:40 PM UTC, the @GoDaddy account for our https://t.co/xGoN2q5vOa domain was compromised, and we're currently awaiting a comprehensive report from GoDaddy to understand the breach's specifics. Meanwhile, here's some context…
— Layerswap (@layerswap) March 21, 2024
On March 20 at approximately 7:40 UTC, a significant security breach occurred involving the layerswap.io domain. The incident began when malicious actors compromised Layerswap’s GoDaddy account, allowing them to alter the domain’s DNS settings. THe domain hijack allowed hackers to redirect traffic to a phishing site when users attempted to access Layerswap’s website.
The attackers also changed the domain owner’s email address, gaining complete control over DNS and associated email services. This unauthorized access led to an attempt to reset Layerswap’s X account password at 7:42 pm UTC. The X account’s password reset process did not require two-factor authentication (2FA).
Fortunately, Layerswap had 2FA enabled for its X account login, which thwarted both the company and the attackers from accessing the account despite the password reset attempt. However, the compromise of the domain resulted in a phishing site being displayed to users, leading approximately 50 individuals to fall victim to the scam and collectively lose around $100,000 worth of assets.
At 7:45 p.m., Layerswap promptly contacted GoDaddy Support for immediate assistance. However, they encountered delays in response. GoDaddy initially indicated a 12-hour response time, which was later reduced to 3 hours. This delayed response from the domain registrar allowed the hacker to maintain domain control for an extended period of time.
At around 10:21 pm, Layerswap received instructions from GoDaddy on resetting the account password. However, upon attempting to reset the password, they found the account locked, and the attackers had once again altered the email address associated with the account.
Fortunately, by 11:07 p.m. UTC, Layerswap had regained access to their GoDaddy account. This allowed them to reverse the hacker’s modifications and regain control of their domain.
This is the last post of this thread.
The @layerswap page and our Discord server (https://t.co/LGsjxQHeY4) are the only official channels of Layerswap.
Watch out for fake accounts and external links in the replies trying to phish you.
Always double check before taking any…
— Layerswap (@layerswap) March 21, 2024
In response to the impact on affected users, Layerswap has taken proactive measures. The company is fully refunding the affected users and offering an additional 10% as compensation for the inconvenience caused by the security breach.
Crypto Scammers Still Active: $46 Million Lost in February Despite Fewer Large Victims
According to a report by Cryptonews, the anti-scam solution company Scam Sniffer revealed that February 2024 witnessed a substantial loss of $46.86 million in cryptocurrencies due to scams. The report highlighted that over 57,000 individuals became victims of various phishing scams during this period. Interestingly, there was a significant 75% decrease in victims losing over $1 million compared to January 2024.
Among the total losses, the Ethereum mainnet accounted for more than $36.2 million, constituting 78% of the total exploits in February. Additionally, Ethereum blockchain users comprised the largest group of victims, totaling 25,029 individuals.
It’s worth noting that on February 15, more than $6.2 million in digital assets were lost in a single day, indicating a notable spike in scam activities that day.
In March, the decentralized finance (DeFi) aggregator ParaSwap faced a significant vulnerability in its newly deployed Augustus v6 contract. Although ParaSwap took immediate action to roll back the v6 contract and alerted users to take necessary precautions, a hacker still managed to cash out funds worth approximately $24,000 from four different addresses. This incident affected 386 addresses, prompting the protocol to urge users to report any unidentified loss of funds during the initial investigation.
