Layerswap, a platform enabling transfers between centralized exchanges and layer-2 blockchains, was recently subjected to a domain hijack. The attack occurred on March 20 at approximately 7:40 UTC, when unauthorized actors gained access to Layerswap’s GoDaddy account, altering the domain’s DNS settings to redirect users to a fraudulent website. This phishing scam resulted in the theft of approximately $100,000 worth of cryptocurrency from around 50 users.
The attackers modified the domain’s DNS settings and changed the domain owner’s email address, effectively taking over the domain and associated email services. Despite an attempt to reset Layerswap’s account password, the company’s use of two-factor authentication (2FA) for its account login prevented unauthorized access. However, the phishing site displayed to users led to significant asset losses.
Response and User Compensation
Layerswap recognized the breach immediately and contacted GoDaddy Support for assistance. After initial delays, the platform regained control of its domain by 11:07 p.m. UTC and reversed the unauthorized changes. In response to the incident, Layerswap has announced plans to fully refund the affected users and provide an additional 10% compensation for the inconvenience.
Crypto Scams in Perspective
The attack on Layerswap occurs within a larger context of persistent crypto scams. A report from Scam Sniffer indicates that February 2024 alone saw $46.86 million lost to cryptocurrency scams, affecting over 57,000 individuals. While there was a decrease in the number of victims losing over $1 million, the Ethereum mainnet was notably the most affected, accounting for more than $36.2 million of the total losses.