Layerswap Regains Control After Domain Hijack; ParaSwap Prevents Major Asset Loss Despite Contract Glitch
Summary:
Layerswap, a bridge aggregator between centralized crypto exchanges and layer-2 blockchains, recently suffered a domain hijack resulting in approximately $100,000 loss for users. After gaining control, the company plans to refund the affected users plus an additional 10% compensation. Meanwhile, a DeFi aggregator, ParaSwap prevented a substantial loss of funds from a glitch in its latest Augustus v6 contract but still, the hacker managed to withdraw about $24,000 worth of funds from four different addresses.
Layerswap, a bridge connecting centralized digital asset exchanges with layer-2 blockchains, recently regained control of its domain following a brief act of cyber hijacking that resulted in nearly $100,000 of users' assets being stolen. On the evening of March 20, the layerswap.io domain was taken over and users attempting to use the service were directed to a fraudulent site. The cybercriminal soon after attempted to reset Layerswap's X account, which resulted in full denial of access to their social media account. The bridge-company asserts that GoDaddy, the domain registrar, responded too slowly, giving the hacker more time to maintain control over the domain. Around 23:07 UTC, LayerSwap was able to log back into their GoDaddy account, reversing the hacker's unauthorized changes. In a statement, the company said: "In our efforts to comprehend the breach, we reached out to GoDaddy's support for clarity but didn't receive precise answers. However, we are hoping to receive a comprehensive report via email, which we plan to share with our community for the sake of openness." In the scam, around 50 users lost a combined total of roughly $100,000 in cryptocurrency. Layerswap has plans to reimburse the users affected and to reward an additional 10% to compensate for the inconvenience caused.
Going along similar lines, ParaSwap, a decentralized finance (DeFi) aggregator, also averted a loss of large fund sums, originating from a glitch in its newly rolled-out Augustus v6 contract. ParaSwap found that 386 wallet addresses had been impacted by the vulnerability of the Augustus V6 contract. However, despite ParaSwap's best efforts to retract the v6 contract and notify users to take appropriate actions, the hacker managed to withdraw funds amounting to about $24,000 from four separate addresses. The total number of addresses impacted by this flaw was 386. The protocol also encouraged users to report any undetected losses during the initial investigation. Those affected continue to be at risk until they have withdrawn their approvals. ParaSwap advises users to utilize exploit detection services such as Revoke to ensure their safety.
Published At
3/21/2024 9:12:23 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.