Layerswap, a service enabling cryptocurrency transfers between centralized exchanges and layer-2 blockchains, experienced a domain hijacking incident leading to a phishing scam. Approximately $100,000 worth of crypto assets from roughly 50 users were stolen as a result.
In a laudable move, Layerswap has committed to reimbursing all affected users for the stolen funds. Furthermore, they will provide a 10% bonus to compensate for the disruption caused by the attack.
Layerswap Hit by Domain Hijack and Phishing Attack, Vows to Refund Users
At around 7:40 UTC on March 20, a significant security breach occurred involving the layerswap.io domain. The breach unfolded as malicious actors gained access to Layerswap’s GoDaddy account, allowing them to manipulate the domain’s DNS settings. This exploit enabled the hackers to divert traffic to a phishing site whenever users tried to visit Layerswap’s website.
Moreover, the attackers altered the domain owner’s email address, granting them full control over DNS and associated email services. With this unauthorized access, they attempted to initiate a password reset for Layerswap’s X account at 7:42 p.m. UTC. Notably, the password reset process for the X account did not mandate two-factor authentication (2FA).
Fortunately, Layerswap had 2FA enabled for its X account login, which prevented both the company and the attackers from accessing the account despite the password reset attempt. Nevertheless, the domain compromise resulted in a phishing site being presented to users, leading approximately 50 individuals to fall victim to the scam, collectively losing around $100,000 worth of assets.
At 7:45 p.m., Layerswap promptly reached out to GoDaddy Support for urgent assistance. However, they encountered delays in receiving a response. Initially, GoDaddy indicated a 12-hour turnaround time, which was later reduced to 3 hours. This delayed response from the domain registrar enabled the hacker to maintain control of the domain for an extended period.
By approximately 10:21 p.m., Layerswap received instructions from GoDaddy regarding the password reset process. However, when attempting to reset the password, they discovered that the account was locked, and the attackers had once again changed the associated email address.
Fortunately, by 11:07 p.m. UTC, Layerswap had regained access to their GoDaddy account. This enabled them to undo the modifications made by the hacker and regain control of their domain.
In response to the impact on affected users, Layerswap has taken proactive measures. The company is providing full refunds to the affected users and offering an additional 10% as compensation for the inconvenience caused by the security breach.
Crypto Scammers Still Active: $46 Million Lost in February Despite Fewer Large Victims
In a report, Scam Sniffer, an anti-scam solution company, revealed that February 2024 saw cryptocurrency losses amounting to $46.86 million due to scams. The report emphasized that over 57,000 individuals fell victim to various phishing scams during this period. Interestingly, there was a significant 75% decrease in the number of victims losing over $1 million compared to January 2024.
Of the total losses, the Ethereum mainnet accounted for more than $36.2 million, constituting 78% of the total exploits in February. Moreover, Ethereum blockchain users formed the largest group of victims, totaling 25,029 individuals.
It’s notable that on February 15 alone, more than $6.2 million in digital assets were lost, indicating a significant spike in scam activities on that day.
In March, the decentralized finance (DeFi) aggregator ParaSwap encountered a significant vulnerability in its recently deployed Augustus v6 contract. Despite ParaSwap’s immediate action to roll back the v6 contract and alert users to take necessary precautions, a hacker still managed to withdraw funds totaling approximately $24,000 from four different addresses. This incident impacted 386 addresses, prompting the protocol to urge users to report any unidentified loss of funds during the initial investigation.