You can check the website statistics yourself or request them from us at [email protected]
On this platform, only organic high-quality traffic
Bitcoin
$ 30,725

Layerswap Recovers Domain After Hijack, Restores User Funds After $100,000 Loss

Layerswap, a service enabling cryptocurrency transfers between centralized exchanges and layer-2 blockchains, experienced a domain hijacking incident leading to a phishing scam. Approximately $100,000 worth of crypto assets from roughly 50 users were stolen as a result.

In a laudable move, Layerswap has committed to reimbursing all affected users for the stolen funds. Furthermore, they will provide a 10% bonus to compensate for the disruption caused by the attack.

Layerswap Hit by Domain Hijack and Phishing Attack, Vows to Refund Users

At around 7:40 UTC on March 20, a significant security breach occurred involving the layerswap.io domain. The breach unfolded as malicious actors gained access to Layerswap’s GoDaddy account, allowing them to manipulate the domain’s DNS settings. This exploit enabled the hackers to divert traffic to a phishing site whenever users tried to visit Layerswap’s website.

Moreover, the attackers altered the domain owner’s email address, granting them full control over DNS and associated email services. With this unauthorized access, they attempted to initiate a password reset for Layerswap’s X account at 7:42 pm UTC. Notably, the password reset process for the X account did not mandate two-factor authentication (2FA).

Fortunately, Layerswap had 2FA enabled for its X account login, which thwarted both the company and the attackers from accessing the account despite the password reset attempt. Nevertheless, the domain compromise resulted in the presentation of a phishing site to users, leading approximately 50 individuals to fall victim to the scam, collectively losing around $100,000 worth of assets.

At 7:45 p.m., Layerswap promptly reached out to GoDaddy Support for urgent assistance. However, they encountered delays in receiving a response. Initially, GoDaddy indicated a 12-hour turnaround time, which was later reduced to 3 hours. This delayed response from the domain registrar enabled the hacker to maintain control of the domain for an extended period.

By approximately 10:21 p.m., Layerswap received instructions from GoDaddy regarding the password reset process. However, when attempting to reset the password, they discovered that the account was locked, and the attackers had once again changed the associated email address.

Fortunately, by 11:07 p.m. UTC, Layerswap had regained access to their GoDaddy account. This enabled them to undo the modifications made by the hacker and regain control of their domain.

In response to the impact on affected users, Layerswap has taken proactive measures. The company is providing full refunds to the affected users and offering an additional 10% as compensation for the inconvenience caused by the security breach.

Crypto Scammers Still Active: $46 Million Lost in February Despite Fewer Large Victims

According to a report, Scam Sniffer, an anti-scam solution company, revealed that February 2024 saw a substantial cryptocurrency loss amounting to $46.86 million due to scams. The report emphasized that over 57,000 individuals fell victim to various phishing scams during this period. Interestingly, there was a significant 75% decrease in the number of victims losing over $1 million compared to January 2024.

Of the total losses, the Ethereum mainnet accounted for more than $36.2 million, constituting 78% of the total exploits in February. Moreover, Ethereum blockchain users formed the largest group of victims, totaling 25,029 individuals.

It’s notable that on February 15 alone, more than $6.2 million in digital assets were lost, indicating a significant spike in scam activities on that day.

In March, the decentralized finance (DeFi) aggregator ParaSwap encountered a significant vulnerability in its recently deployed Augustus v6 contract. Despite ParaSwap’s immediate action to roll back the v6 contract and alert users to take necessary precautions, a hacker still managed to withdraw funds totaling approximately $24,000 from four different addresses. This incident impacted 386 addresses, prompting the protocol to urge users to report any unidentified loss of funds during the initial investigation.

Related Posts

Leave a Reply

Confirm now and stay with our news

What we write about

I want to save money. Will cryptocurrency work?

Cryptocurrency is essentially virtual money that operates in a decentralized manner, not through a bank but directly on multiple independent computers.

Every cryptocurrency has two main components: the units of digital exchange called “coins” and the network within which the exchange takes place. These units can be transferred between wallets and exchanged on exchanges. The networks in which these coins exist are called blockchains, which translates to “chains of blocks.”

Latest Articles

S&P Global Ratings joins Singapore MAS’s Project Guardian
28.06.2024By
Boden Memecoin Crashes After US President Biden’s Poor Debate Performance
28.06.2024By
Steno Research Expects $15-20B Inflows into Ether Spot ETFs, Predicts $6,500 Price Target
28.06.2024By

Latest news

S&P Global Ratings joins Singapore MAS’s Project Guardian
28.06.2024
Boden Memecoin Crashes After US President Biden’s Poor Debate Performance
28.06.2024
Steno Research Expects $15-20B Inflows into Ether Spot ETFs, Predicts $6,500 Price Target
28.06.2024
Bitcoin Mining Firm CleanSpark Acquires GRIID in $155M Stock Deal
28.06.2024
Elastos Partners With BEVM to Launch Bitcoin P2P Loans, Targeting $1.3T in Dormant Value
28.06.2024
Coinbase Files Lawsuits Against SEC, FDIC Over FOIA Request
27.06.2024
UK Watchdog Boosts Crypto Division to 100 Staff Members
27.06.2024
Hong Kong Government Explores DeFi and Metaverse to Boost Fintech Dominance
27.06.2024
Spot Ether ETFs May Receive US Approval by July 4: Report
27.06.2024
Bitcoin ETFs See Inflows for Second Consecutive Day as BTC Holds Steady at $60K
27.06.2024