Layerswap Recovers Domain Following Hijack, Restores User Funds After $100,000 Loss
By Hassan Shittu
Last updated: March 21, 2024 09:45 EDT
Layerswap, a platform that facilitates the transfer of cryptocurrencies between centralized exchanges and layer-2 blockchains, recently fell victim to a domain hijack. The hijacked domain was used to run a phishing scam that stole approximately $100,000 worth of crypto assets from around 50 users.
In an impressive response, Layerswap has committed to fully refunding the stolen funds to the affected users. Additionally, as compensation for the inconvenience caused by the attack, they will provide a 10% bonus.
Layerswap Hit by Domain Hijack and Phishing Attack, Promises to Reimburse Users
At approximately 7:40 UTC on March 20, a significant security breach occurred involving the layerswap.io domain. The incident began when malicious individuals compromised Layerswap’s GoDaddy account, granting them the ability to modify the domain’s DNS settings. This domain hijack allowed the hackers to redirect users to a phishing site when they attempted to access Layerswap’s website.
The attackers also changed the email address associated with the domain owner, gaining complete control over the DNS and email services. This unauthorized access led to an attempt to reset the password for Layerswap’s X account at 7:42 p.m. UTC. Notably, the password reset process for the X account did not require two-factor authentication (2FA).
Source: Layerswap Discord
Fortunately, Layerswap had 2FA enabled for the X account login, which prevented both the company and the attackers from accessing the account despite the password reset attempt. However, due to the compromise of the domain, a phishing site was displayed to users, causing approximately 50 individuals to fall victim to the scam and collectively lose around $100,000 worth of assets.
At 7:45 p.m., Layerswap promptly contacted GoDaddy Support for immediate assistance. However, they experienced delays in receiving a response. Initially, GoDaddy indicated a 12-hour response time, which was later reduced to 3 hours. This delayed response from the domain registrar allowed the hacker to maintain control over the domain for an extended period.
At around 10:21 p.m., Layerswap received instructions from GoDaddy on resetting the account password. However, upon attempting to reset the password, they discovered that the account was locked, and the attackers had once again changed the associated email address.
Fortunately, by 11:07 p.m. UTC, Layerswap had regained access to their GoDaddy account. This enabled them to reverse the modifications made by the hacker and regain control of their domain.
In response to the impact on affected users, Layerswap has taken proactive measures. The company is fully reimbursing the affected users and providing an additional 10% as compensation for the inconvenience caused by the security breach.
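The DNS and mail-routing changes described in this timeline can be detected from outside the registrar account by comparing observed records against a pinned baseline. The Python sketch below is an added example, not Layerswap's or GoDaddy's tooling; the function names, the severity mapping and all record values are constructed assumptions.

```python
# Added example: flag drift between a pinned DNS baseline and observed records.
# All hostnames and IPs are constructed sample values (documentation ranges).

# Why each record type matters when a registrar account is taken over.
SEVERITY = {
    "NS": ("critical", "delegation moved: attacker controls every record"),
    "A": ("critical", "web traffic can be sent to a phishing host"),
    "AAAA": ("critical", "web traffic can be sent to a phishing host"),
    "MX": ("critical", "mail rerouted: password-reset emails can be intercepted"),
    "TXT": ("warning", "SPF or verification records changed"),
}

def normalize(values):
    """Compare case-insensitively and ignore the trailing root dot."""
    return {v.strip().lower().rstrip(".") for v in values}

def diff_records(baseline, observed):
    """Return findings as (severity, rtype, added, removed, reason) tuples."""
    findings = []
    for rtype in sorted(set(baseline) | set(observed)):
        want = normalize(baseline.get(rtype, ()))
        got = normalize(observed.get(rtype, ()))
        if want == got:
            continue
        sev, reason = SEVERITY.get(rtype, ("warning", "unreviewed record type changed"))
        findings.append((sev, rtype, sorted(got - want), sorted(want - got), reason))
    findings.sort(key=lambda f: (f[0] != "critical", f[1]))  # critical first
    return findings

def should_page(findings):
    """Page on-call for any change that can redirect web traffic or mail."""
    return any(f[0] == "critical" for f in findings)

BASELINE = {
    "NS": ["ns1.dns-provider.example.", "ns2.dns-provider.example."],
    "A": ["203.0.113.10"],
    "MX": ["10 mail.corp.example."],
    "TXT": ["v=spf1 include:mail.corp.example -all"],
}
# Constructed snapshot: same NS (different case/dot), but A and MX repointed.
OBSERVED_HIJACKED = {
    "NS": ["NS1.dns-provider.example", "ns2.dns-provider.example"],
    "A": ["198.51.100.77"],
    "MX": ["10 mx.unknown-mail.example."],
    "TXT": ["v=spf1 include:mail.corp.example -all"],
}

if __name__ == "__main__":
    for sev, rtype, added, removed, reason in diff_records(BASELINE, OBSERVED_HIJACKED):
        print(f"[{sev}] {rtype}: +{added} -{removed} ({reason})")
```

In practice the observed snapshot would come from several independent resolvers, and the baseline would be updated only through a reviewed change process.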
Crypto Scammers Still Active: $46 Million Lost in February Despite Fewer Large Victims
According to a report by Cryptonews, Scam Sniffer, an anti-scam solution company, revealed that there was a significant loss of $46.86 million in cryptocurrencies due to scams in February 2024. The report highlighted that over 57,000 individuals fell victim to various phishing scams during this period. Interestingly, there was a notable 75% decrease in the number of victims losing over $1 million compared to January 2024.
Out of the total losses, the Ethereum mainnet accounted for more than $36.2 million, representing 78% of the total exploits in February. Additionally, Ethereum blockchain users made up the largest group of victims, totaling 25,029 individuals.
It is worth mentioning that on February 15, more than $6.2 million in digital assets were lost in a single day, indicating a significant surge in scam activities.
In March, the decentralized finance (DeFi) aggregator ParaSwap experienced a major vulnerability in its newly deployed Augustus v6 contract. Although ParaSwap took immediate action to roll back the v6 contract and warned users to take necessary precautions, a hacker still managed to withdraw funds worth approximately $24,000 from four different addresses. This incident affected 386 addresses, prompting the protocol to urge users to report any unexplained loss of funds during the initial investigation.