Bitcoin Ordinals Marketplace Ordswap Hit With Phishing Attack

Bitcoin Ordinals marketplace Ordswap has lost control of its official domain, resulting in temporarily shutting down operations. 

On October 9, the Ordswap team notified users, acknowledging that they had lost control of their official domain.

The team conveyed this message through a post on the X platform (formerly Twitter), cautioning users with the statement, “Do not connect to Ordswap domain. We are not currently in control of the domain.”

The marketplace is yet to release a comprehensive incident report stating the cause and scale of the incident. However, it has been speculated that the issue could be from a web hosting firm Netlify. 

Users from the marketplace’s discord server complained about a compromised authorization button on the Ordswap website that was placed there in an attempt to perpetrate a phishing attack.

A user on X called the button a “wallet drainer” – a tool favored by crypto hackers that tricks victims into signing a malicious transaction.

Ordswap Devises Plans to Retrieve Users Keys

In a recent update, Ordswap has introduced a solution to aid users in recovering their private keys while actively working to regain control of its website domain.

On October 10, the platform took to Twitter to announce an online tool designed to assist users who had used MetaMask to access the platform while reclaiming their Ordswap private keys.

This tool empowers users to securely transfer their assets to alternative service providers. Ordswap was launched in 2023 as a trustless marketplace to trade Bitcoin Ordinals.

The recent incident underscores the increasing sophistication of phishing attacks in recent years. 

A notable similarity can be drawn to September 20, 2023, when Balancer, an Ethereum-based automated market maker, fell victim to a similar attack, resulting in the theft of approximately $240,000 in assets.

Balancer suspected the attackers had executed a social engineering attack on its DNS service provider, EuroDNS. 

This enabled the attackers to introduce a deceptive prompt, duping users into authorizing a malicious contract that drained funds from their wallets.

However, a few hours later, the automated market maker announced that they had successfully resolved the issue, and the domain was back under their control.



Read the full article here