Layerswap, a platform that serves as a connection between centralized crypto exchanges and layer-2 blockchains, recently experienced a breach that resulted in the loss of approximately $100,000 in user funds. On March 20, at approximately 19:40 UTC, the layerswap.io domain was compromised, leading users to be redirected to a phishing website when attempting to access the service. Shortly after, the hacker attempted to reset Layerswap’s social media account, effectively locking out access. The slow response from domain registrar GoDaddy allowed the hacker to maintain control of the domain for an extended period. However, at around 11:07 pm UTC, Layerswap regained access to their GoDaddy account and reversed the changes made by the hacker. In response to the incident, Layerswap plans to fully refund the affected users and provide an additional 10% as compensation for the inconvenience caused.
In a separate incident, decentralized finance (DeFi) aggregator ParaSwap narrowly avoided a significant loss of funds due to a vulnerability in its newly deployed Augustus v6 contract. Despite efforts to mitigate the issue and notify users to take necessary precautions, the hacker managed to withdraw approximately $24,000 from four different addresses. A total of 386 wallet addresses were affected by the vulnerability, and ParaSwap encourages users to report any additional losses that may have gone unnoticed during the initial investigation. To safeguard against further risks, affected users are advised to revoke their approvals and utilize exploit checker services like Revoke to ensure their safety.
Please note that Layerswap did not respond to Cointelegraph’s request for comment regarding these incidents.