GoDaddy’s DNS Hack Is at the Center of Several Crypto Domains Being Compromised: Report
- Several cryptocurrency companies were targeted in the recent hack on GoDaddy.com, the largest global domain manager, including Japan-based crypto exchange Liquid.com and crypto mining service, NiceHash.
Earlier this month, BEG reported that Japan-based cryptocurrency exchange Liquid.com experienced a data breach affecting users’ Know Your Customer (KYC) information. The attack follows an incursion at GoDaddy, the world’s largest domain registrar, that saw hackers trick the firm’s employees into transferring ownership and control over targeted domains.
In an analysis of the recent intrusions, Krebs on Security, a cybersecurity website, reported that four more cryptocurrency firms were targeted by phishing and “vishing” attempts similar to the one against Liquid exchange.
In a letter shared with crypto traders on its exchange, Liquid.com CEO Mike Kayamori stated that several customers’ data, including email addresses and passwords, were compromised following malicious attacks on the exchange’s domain registrar, GoDaddy. Kayamori stated,
“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor.”
This allowed the attacker to control and change the domain name system (DNS) and take over some email accounts at Liquid exchange. With that access, the attacker compromised some of the exchange's data and gained access to the firm's document storage.
NiceHash, a cryptocurrency mining service, was also compromised as a result of the attack on GoDaddy, the report stated. Five days after Liquid noticed the attack, NiceHash also found out that its domain registration records were being changed without authorization. To secure customers’ funds, the crypto mining service shut down its website for 24 hours, resuming operations a day later. A blog post from the company reads,
“In the early morning (UTC) hours of November 18, 2020, the NiceHash domain was not reachable. The domain registrar GoDaddy had technical issues, and as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed”.
An analysis of the hackers’ accounts showed that the affected domains were redirected to set email addresses and websites. Further research shows three other crypto firms, including Bitbox, Celsius.network, and Wirex.app, could also have been affected.
GoDaddy’s spokesperson, Dan Race, confirmed that the attack compromised its employees’ details through phishing and voice phishing. His statement further reads,
“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”
This attack is similar to the Twitter hack in July, in which hackers compromised more than 130 high-profile accounts to run an established cryptocurrency scam. In that case, the attackers used social engineering to trick the firm’s employees and take over the company’s administrative tools.