Ordswap’s website was recently hacked, and the platform has now urged users to recover their private keys as it tries to regain control of its website. As per a recent tweet, Ordswap shared a tool that would help users recover their private keys, allowing them to move to other providers.
Just a few hours before this, the platform asked its users not to access its domain as it had lost its control. Several Ordswap users and developers highlighted a button on the website that prompted them to connect their crypto wallets. This was merely deemed as being a phishing attempt.
Source for metamask users to obtain key is now available below. You are able to import(hex) to Unisat. https://t.co/oETb7h7sA0 https://t.co/NGaaLiNNwW
— Ordswap (@ordswap) October 10, 2023
The masses argued that the button was a wallet drainer, which is an increasingly popular tool used by crypto scammers. As per the current situation, many users claim that Ordswap’s website either remains inaccessible or redirects to that of RelayX, a competing marketplace. However, the platform’s team clarified that no impact was seen on the private keys of the users or the assets as a result of the exploit, but the possibility of users being exploited through the interaction with the site is still there.
Ordswap Becomes the Newest Victim of the Exploit Frenzy
Crypto-related hacks have increased considerably since the third quarter of this year, and the recent development revolves around Ordswap becoming the latest victim. 3Commas also became the newest victim of these widespread exploits. It was revealed that user accounts were compromised and unauthorized trades were made.
Furthermore, the compromised accounts made no use of two-factor authentication, thus making it easier for the exploiter to gain control. However, the platform made it clear that it would implement a new approach to resetting passwords and disabled API connections as new security measures.
In late September this year, the website for the Ethereum-based market maker, Balancer was exploited under an almost identical attack. The attackers responsible for the exploit managed to disappear with funds accounting for almost $240,000. At that time, Balancer believed that the hackers resorted to the use of a social engineering attack on its DNS service provider, which inevitably allowed them to input a prompt to trick users into approving a malicious contract that drains their wallets.