- Ordswap has experienced a security breach that has led to phishing risks for users’ private keys and assets.
- An online tool has been introduced for MetaMask users to recover private keys.
- The incident underscores security concerns in crypto.
In a recent crypto hack incident, Ordswap, a prominent marketplace for Bitcoin Ordinals, has fallen victim to a significant security breach that has made it lose control of its website. The platform’s website was compromised leading to potential risks for users.
Ordswap users were met with a distressing situation as the compromised website directed them to a phishing link. This deceptive link aimed to trick users into revealing their private keys and other sensitive information, posing a severe threat to their cryptocurrency assets.
Recovery tool introduced amid the chaos
In response to the security breach, Ordswap acted swiftly by providing an online tool designed to assist users who had logged into the platform through MetaMask.
Source for metamask users to obtain key is now available below. You are able to import(hex) to Unisat. https://t.co/oETb7h7sA0 https://t.co/NGaaLiNNwW
— Ordswap (@ordswap) October 10, 2023
This tool is meant to aid affected users in recovering their Ordswap private keys, allowing them to securely migrate their assets to other service providers.
Ordswap blames Netlify for the glitch
Ordswap placed the blame for the security incident on Netlify, a company specializing in website development and hosting services.
We are working on publishing source for metamask users to obtain their key if they have not already. The issue appears to be with Netlify, but we are still working through it. https://t.co/uYGxJkzGfj
— Ordswap (@ordswap) October 9, 2023
While the exact nature of the breach and its connection to Netlify remains under investigation, it highlights the vulnerabilities associated with relying on third-party service providers in the digital landscape.
Attempts to drain users’ crypto wallets
Users reported encountering a button on the compromised Ordswap website that attempted to drain their crypto wallets.
Be careful. I tried yesterday and the login with MM was a drainer. Sad. Hope you get control asap.
— $𝕚𝐑 𝐆𝔞DFŁ𝐘 ♛ (@Sir_Gadfly) October 9, 2023
This tactic, known as a wallet-draining scam, is increasingly employed by crypto scammers to illicitly siphon off digital assets. It serves as a stark reminder of the risks associated with interacting with cryptocurrency platforms.
Ordswap affirms user assets unaffected
Despite the security breach, an Ordswap team member on Discord claimed that user’s private keys and assets remained unaffected. However, users were cautioned that their security could be compromised if they continued to engage with the compromised website.
This incident underscores the critical importance of user security in the cryptocurrency space. Vigilance and caution are paramount, as phishing attempts and scams continue to target crypto enthusiasts. At the moment, the Ordswap team is actively working to regain control of its website and restore user confidence in the platform.
