You can check the website statistics yourself or request them from us at [email protected]
On this platform, only organic high-quality traffic
Bitcoin
$ 30,725

Layerswap Recovers Domain After Hijack, Restores User Funds After $100,000 Loss

Layerswap, a service enabling cryptocurrency transfers between centralized exchanges and layer-2 blockchains, experienced a domain hijacking incident leading to a phishing scam. Approximately $100,000 worth of crypto assets from roughly 50 users were stolen as a result.

In a laudable move, Layerswap has committed to reimbursing all affected users for the stolen funds. Furthermore, they will provide a 10% bonus to compensate for the disruption caused by the attack.

Layerswap Hit by Domain Hijack and Phishing Attack, Vows to Refund Users

At around 7:40 UTC on March 20, a significant security breach occurred involving the layerswap.io domain. The breach unfolded as malicious actors gained access to Layerswap’s GoDaddy account, allowing them to manipulate the domain’s DNS settings. This exploit enabled the hackers to divert traffic to a phishing site whenever users tried to visit Layerswap’s website.

Moreover, the attackers altered the domain owner’s email address, granting them full control over DNS and associated email services. With this unauthorized access, they attempted to initiate a password reset for Layerswap’s X account at 7:42 pm UTC. Notably, the password reset process for the X account did not mandate two-factor authentication (2FA).

Fortunately, Layerswap had 2FA enabled for its X account login, which thwarted both the company and the attackers from accessing the account despite the password reset attempt. Nevertheless, the domain compromise resulted in the presentation of a phishing site to users, leading approximately 50 individuals to fall victim to the scam, collectively losing around $100,000 worth of assets.

At 7:45 p.m., Layerswap promptly reached out to GoDaddy Support for urgent assistance. However, they encountered delays in receiving a response. Initially, GoDaddy indicated a 12-hour turnaround time, which was later reduced to 3 hours. This delayed response from the domain registrar enabled the hacker to maintain control of the domain for an extended period.

By approximately 10:21 p.m., Layerswap received instructions from GoDaddy regarding the password reset process. However, when attempting to reset the password, they discovered that the account was locked, and the attackers had once again changed the associated email address.

Fortunately, by 11:07 p.m. UTC, Layerswap had regained access to their GoDaddy account. This enabled them to undo the modifications made by the hacker and regain control of their domain.

In response to the impact on affected users, Layerswap has taken proactive measures. The company is providing full refunds to the affected users and offering an additional 10% as compensation for the inconvenience caused by the security breach.

Crypto Scammers Still Active: $46 Million Lost in February Despite Fewer Large Victims

According to a report, Scam Sniffer, an anti-scam solution company, revealed that February 2024 saw a substantial cryptocurrency loss amounting to $46.86 million due to scams. The report emphasized that over 57,000 individuals fell victim to various phishing scams during this period. Interestingly, there was a significant 75% decrease in the number of victims losing over $1 million compared to January 2024.

Of the total losses, the Ethereum mainnet accounted for more than $36.2 million, constituting 78% of the total exploits in February. Moreover, Ethereum blockchain users formed the largest group of victims, totaling 25,029 individuals.

It’s notable that on February 15 alone, more than $6.2 million in digital assets were lost, indicating a significant spike in scam activities on that day.

In March, the decentralized finance (DeFi) aggregator ParaSwap encountered a significant vulnerability in its recently deployed Augustus v6 contract. Despite ParaSwap’s immediate action to roll back the v6 contract and alert users to take necessary precautions, a hacker still managed to withdraw funds totaling approximately $24,000 from four different addresses. This incident impacted 386 addresses, prompting the protocol to urge users to report any unidentified loss of funds during the initial investigation.

Related Posts

Leave a Reply

Confirm now and stay with our news

What we write about

I want to save money. Will cryptocurrency work?

Cryptocurrency is essentially virtual money that operates in a decentralized manner, not through a bank but directly on multiple independent computers.

Every cryptocurrency has two main components: the units of digital exchange called “coins” and the network within which the exchange takes place. These units can be transferred between wallets and exchanged on exchanges. The networks in which these coins exist are called blockchains, which translates to “chains of blocks.”

Latest Articles

Coinbase Board Member Kathryn Haun to Step Down – What’s Going On?
21.04.2024By
Kenyan Volcano Turns on Lights in Rural Homes with Jack Dorsey’s Bitcoin Mining Support
21.04.2024By
Telegram to Introduce USDT Payments With Telegram Wallet and the Open Network
20.04.2024By

Latest news

Coinbase Board Member Kathryn Haun to Step Down – What’s Going On?
21.04.2024
Kenyan Volcano Turns on Lights in Rural Homes with Jack Dorsey’s Bitcoin Mining Support
21.04.2024
Telegram to Introduce USDT Payments With Telegram Wallet and the Open Network
20.04.2024
HashKey Exchange Suspends Binance Deposits and Withdrawals Citing Policy Adjustments
20.04.2024
Mango Markets Hacker Found Guilty, Faces 20 Years in Prison: Reuters
20.04.2024
Japan’s SBI Group Plans to Issue NFTs Built on XRP Ledger for World Expo 2025 in Osaka
20.04.2024
Ethereum Sees $365 Million in Revenue in Q1, Up by 155% YoY
20.04.2024
Anti-Bitcoin SEC Commissioner Caroline Crenshaw May Soon Lose Her Seat
20.04.2024
Is The Bull Market Over Before The Bitcoin Halving? Glassnode Report
20.04.2024
Escaped South Korean Criminal Suspect ‘Used Weapon to Rob OTC Crypto Buyer’
18.04.2024