Japan-Based, Liquid Exchange User Data Breach Exposes Issues With Know Your Customer (KYC)
- Liquid exchange CEO Mike Kayamori disclosed the post mortem of the users’ data breach and security incident on November 13th on the exchange.
- He confirmed that despite the hackers gaining access to users’ confidential data, the client’s funds remain securely stored in cold storage wallets.
A letter sent out to Japan-based, Liquid exchange users from the CEO, Mike Kayamori, states the exchange experienced a data breach and security inconsistencies on Friday, November 13, 2020. According to the statement, GoDaddy, a popular domain name system (DNS) manager, “incorrectly transferred control of the account and domain to a malicious actor.” This allowed the actor to control the domain name and collect several contacts and emails of Liquid’s users.
The hacker was able to take over one of the company’s email addresses that allowed them access to the systems. This allowed the hackers to “partially compromise [Liquid’s] infrastructure, and gain access to document storage.”
Users on the exchange could see some of their personal information such as email, name, address, and encrypted password compromised by the hackers. Moreover, know-your-customer (KYC) details such as identification documents, selfies, and proof of address could also be obtained by the malicious actor.
The development team took a while to respond and disclose the hack to its users to understand the situation before notifying customers. Liquid users’ funds remain safe and secure, Kayamori assured his customers writing,
“[…]We can confirm client funds are accounted for and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised.”
Liquid has reported the matter to the relevant authorities and is working on strengthening the security systems. Users are advised to regularly change their encrypted passwords and switch their 2FA to kill off any attacker threats.