Bitcoin Ordswap, a prominent marketplace for trading Bitcoin Ordinals, recently experienced a significant setback as it lost control of its official domain. This incident has forced the platform to temporarily halt its operations.
Loss of Control and User Caution
On October 9, the Ordswap team made an announcement, informing users about the loss of control over their official domain. This communication was made through a post on the X platform (formerly Twitter), with a warning message for users: “Do not connect to Ordswap domain. We are not currently in control of the domain.”
The marketplace, however, has not released a comprehensive incident report outlining the cause and extent of the issue. Some speculation points to the web hosting firm Netlify as a possible culprit.
Users on the marketplace’s Discord server reported a compromised authorization button on the Ordswap website, suspected to be part of a phishing attack. This deceptive button aims to trick victims into signing a malicious transaction and has been referred to as a “wallet drainer” by users on X.
Efforts to Recover and Ensure Security
Despite the incident, Ordswap has made progress in addressing the situation. They have introduced a solution to help users recover their private keys and are actively working towards regaining control of their website domain.
On October 10, the platform took to Twitter to announce the launch of an online tool specifically designed to assist users who have used MetaMask to access the platform. This tool empowers users to securely transfer their assets to alternative service providers while reclaiming their Ordswap private keys.
The incident at Ordswap highlights the increasing sophistication of phishing attacks in recent years. A similar attack occurred on September 20, 2023, targeting Balancer, an Ethereum-based automated market maker, resulting in the theft of approximately $240,000 in assets.
Balancer suspected that the attackers had executed a social engineering attack on their DNS service provider, EuroDNS. This allowed the attackers to introduce a deceptive prompt, tricking users into authorizing a malicious contract that drained funds from their wallets. Fortunately, Balancer was able to resolve the issue and regain control of their domain a few hours later.