Layerswap, a platform facilitating transactions between centralised crypto exchanges and layer-2 blockchains, recently suffered a security breach in which an attacker gained unauthorised access to its domain, causing a loss of around $100,000 in users’ funds. The incident occurred on March 20, around 19:40 UTC, when the layerswap.io domain was hijacked, redirecting users to a phishing site. Subsequently, an attempt was made to reset Layerswap’s X account, effectively locking the company out of its social media account.
The response from domain registrar GoDaddy was criticised for its sluggishness, which allowed the hacker prolonged control over the domain. It wasn’t until approximately 23:07 UTC that Layerswap managed to regain access to its GoDaddy account and undo the changes made by the hacker. Layerswap sought clarification from GoDaddy about the breach but was dissatisfied with the lack of concrete answers; it is awaiting a detailed report, which it plans to share with its community for transparency.
The phishing scam orchestrated against Layerswap led to the loss of approximately $100,000 in cryptocurrency from about 50 users. To mitigate the impact on affected users, Layerswap intends to fully reimburse them and offer an additional 10% as compensation for any inconvenience caused. The platform is advising investors to revoke their token approvals to prevent further losses and is in the process of refunding affected users.
Although Layerswap did not respond immediately to Cointelegraph’s request for comment, the incident highlights the ongoing challenges faced by crypto platforms in maintaining security.
In a similar vein, ParaSwap, a decentralised finance (DeFi) aggregator, recently averted a significant loss of funds resulting from a vulnerability in its newly deployed Augustus v6 contract. Despite efforts to roll back the v6 contract and notify users to take necessary precautions, the hacker managed to withdraw funds totalling approximately $24,000 from four different addresses. A total of 386 addresses were affected by the vulnerability, prompting ParaSwap to urge users to report any unidentified losses during the initial investigation.
Users are advised to revoke their approvals to mitigate risks, and ParaSwap recommends utilising exploit checker services like Revoke to ensure their security. These incidents underscore the importance of robust security measures in the crypto space to safeguard user funds and maintain trust in decentralised platforms.