Ordswap urges users to recover keys after losing control of website

Ordswap, a marketplace that allows users to inscribe, auction, and trade Bitcoin Ordinals, has devised a method for users to retrieve their private keys as it scrambles to regain control of its website domain.

In an Oct. 10 X (Twitter) post, the Ordswap X account shared an online tool that purports to help users who logged into the site through MetaMask to recover their Ordswap private keys, allowing them to move to other providers.

Source for metamask users to obtain key is now available below. You are able to import(hex) to Unisat. https://t.co/oETb7h7sA0 https://t.co/NGaaLiNNwW

— Ordswap (@ordswap) October 10, 2023

Hours earlier, on Oct. 9, Ordswap posted a stark warning to users not to connect to its domain as it was not in control of it. It pinned the issue on Netlify — a website development and hosting firm.

We are working on publishing source for metamask users to obtain their key if they have not already. The issue appears to be with Netlify, but we are still working through it. https://t.co/uYGxJkzGfj

— Ordswap (@ordswap) October 9, 2023

On the project’s Discord server, a member of Ordswap’s team and users reported that for a time, the website featured a button prompting users to connect their crypto wallet in an apparent attempt to phish users.

One X user reported the button was a wallet drainer — an increasingly popular tool deployed by crypto scammers. At the time of writing, Ordswap’s website automatically redirected to a competing marketplace RelayX.

An Ordswap team member on Discord claimed the project had not seen an impact on user private keys or assets due to the breach but added users could be compromised if they interacted with the site.

Related: FTX hacker could be using SBF trial as a smokescreen: CertiK

In late September, the website for the Ethereum-based automated market maker Balancer was compromised in a seemingly similar attack, with attackers making off with around $240,000 worth of funds.

Balancer later said it believed the exploiters undertook a social engineering attack on its DNS service provider EuroDNS which allowed attackers to input a prompt to trick users into approving a malicious contract that drains their wallet.

Magazine: NFT Collector: Giant Swan’s gothic VR dreamscapes… royalty nightmare on OpenSea