Layerswap, a bridge between centralized crypto exchanges and layer-2 blockchains, experienced a domain hijack on March 20, resulting in the redirection of users to a phishing website and the attempted reset of Layerswap’s X account.
The slow response from domain registrar GoDaddy allowed the hacker to maintain control of the layerswap.io domain for an extended period. Layerswap regained access to their account around 11:07 pm UTC, enabling them to reverse the changes made by the hacker.
Layerswap engaged with GoDaddy support to understand the breach but received insufficient explanations. They await a detailed report from GoDaddy, which they plan to share with their community for transparency.
Approximately $100,000 in crypto assets was drained from around 50 users during the phishing scam. Layerswap has committed to fully refunding affected users and offering an additional 10% as compensation.
Affected users are advised to revoke their token approvals to prevent further loss and claim any lost funds and assets. Layerswap has initiated the process of refunding affected users.
In a similar incident, decentralized finance (DeFi) aggregator ParaSwap averted significant fund loss due to a vulnerability in its Augustus v6 contract. Despite efforts to roll back the contract and inform users, funds worth approximately $24,000 were still cashed out by the hacker from four different addresses.
Affected users are urged to revoke their approvals and utilize exploit checker services like Revoke to ensure their safety. ParaSwap encourages individuals to report any unidentified loss of funds for further investigation.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up