Layerswap, a bridge connecting centralized crypto exchanges with layer-2 blockchains, has successfully regained control of its domain after a brief hijacking incident resulted in the loss of approximately $100,000 in user funds.
The bridge is fully operational and safe. We're working on a detailed report to share with our community. Meanwhile, if you have any concerns, contact us in Discord.
— Layerswap (@layerswap) March 21, 2024
On March 20, at approximately 19:40 UTC, the layerswap.io domain was compromised, redirecting users to a phishing website when attempting to access the service. Subsequently, the hacker attempted to reset Layerswap’s X account, effectively locking out access to the social media account.
Due to what Layerswap described as GoDaddy’s delayed intervention, the hacker maintained control of the domain for an extended period. However, around 11:07 pm UTC, Layerswap regained access to its GoDaddy account, enabling them to undo the changes made by the hacker.
🛠 Layerswap March 20 incident
On March 20th, around 7:40 PM UTC, the @GoDaddy account for our https://t.co/xGoN2q5vOa domain was compromised, and we're currently awaiting a comprehensive report from GoDaddy to understand the breach's specifics. Meanwhile, here's some context…
— Layerswap (@layerswap) March 21, 2024
In response to the breach, Layerswap sought explanations from GoDaddy support but found the responses lacking in clarity. The company has requested a detailed report from GoDaddy, which they plan to share with their community to ensure transparency.
The sophisticated phishing scam orchestrated against Layerswap resulted in the loss of approximately $100,000 in crypto assets from around 50 users. To address this, Layerswap has committed to fully refunding the affected users and offering an additional 10% as compensation for any inconvenience caused.
In light of the incident, Layerswap advises investors to revoke token approvals to mitigate the risk of further loss and facilitate the recovery of lost funds and assets. The platform has already begun the process of refunding affected users, prioritizing the restoration of trust and security within its community.