Hackers have been able to take over the domain of a crypto exchange that handles some $270 million in daily volumes by tricking GoDaddy employees.
“On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Mike Kayamori, CEO of Liquid, said before adding:
“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
They say the coins are safe but “the malicious actor was able to obtain personal information from our user database. This may include data such as your email, name, address and encrypted password.
“We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address.”
One of the biggest cloud mining providers, NiceHash, was also taken over the same way, they say:
“The domain registrar GoDaddy had technical issues and as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed.”
NiceHash says no coins were stolen, nor any data, with the company claiming they were able to immediately lock accounts.
Krebs on Security says “several other cryptocurrency platforms also may have been targeted by the same group, including Bibox.com, Celsius.network, and Wirex.app.”
In a response to him, GoDaddy spokesperson Dan Race said:
“A routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information.
Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.
We immediately locked down the accounts involved in this incident, reverted any changes that took place to accounts, and assisted affected customers with regaining access to their accounts.
As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”
That makes this the first hack of its kind, with just domains taken over here instead of the actual hosting itself, which may have been a far more serious matter.