IMG-LOGO

Layerswap overrides website hack that drained $100K

News Feed - 2024-03-21 03:03:23

Arijit Sarkar2 hours agoLayerswap overrides website hack that drained $100KAccording to Layerswap, domain registrar GoDaddy’s sluggish intervention allowed the hacker to retain longer control of the domain.660 Total views5 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksLayerswap — a bridge between centralized crypto exchanges and layer-2 blockchains — regained access to its domain after a short-lived hijack drained roughly $100,000 of user funds. 


On March 20, at around 19:40 UTC, the layerswap.io domain was compromised, and users trying to access the service were redirected to a phishing website. Moments later, the hacker attempted to reset Layerswap’s X account, which locked out access to the social media account completely.


According to Layerswap, domain registrar GoDaddy’s sluggish intervention allowed the hacker to retain longer control of the domain. At around 11:07 pm UTC, LayerSwap regained the ability to log into their GoDaddy account and reset the changes made by the hacker. The company stated:“In pursuit of understanding how the breach occurred, we engaged with GoDaddy support for explanations but were left without concrete answers. We agreed to receive a detailed report via email, which we plan to share with our community for transparency.”


The elaborate Layerswap phishing scam managed to drain approximately $100,000 in crypto assets from roughly 50 users. The platform plans to fully refund the affected users and reward an additional 10% as compensation for the inconvenience caused.Source: Layerswap 


Investors are advised to revoke their token approvals to prevent further loss of funds and claim lost funds and assets. Layerswap has now started refunding affected users.


Layerswap did not immediately respond to Cointelegraph’s request for comment.


Related:GoDaddy to charge $0 for ENS .eth name pairing


Along a similar timeline, decentralized finance (DeFi) aggregator ParaSwap prevented a colossal loss of funds stemming from a vulnerability present in its newly deployed Augustus v6 contract.ParaSwap identified 386 wallet addresses being affected by the Augustus v6 contract vulnerability. Source: paraswap.notion.site


Despite ParaSwap’s efforts to roll back the v6 contract and inform users to take necessary steps, the hacker managed to cash out funds worth roughly $24,000 from four different addresses.


In total, 386 addresses were affected by the vulnerability. The protocol also asked users to report any loss of funds that may have gone unidentified during the preliminary investigation.


Affected users remain at risk as long as they haven’t revoked their approvals, and ParaSwap recommends individuals use exploit checker services like Revoke to confirm their safety.


Magazine:Bitcoin ETFs make Coinbase a ‘honeypot’ for hackers and governments: Trezor CEO# Phishing# Business# Hackers# Hacks# DeFi# Layer2Add reactionAdd reactionRead moreFTX victims will ‘never’ be whole thanks to SBF’s ‘dumpster fire’ — John RayPundits worry SEC’s Ethereum probe could be used to hold back ETFsBlackRock receives memecoins, NFTs after depositing $100M USDC onchain