19 November 2020

Liquid crypto-exchange hacked, customers’ personal info exposed


Liquid crypto-exchange hacked, customers’ personal info exposed

Liquid, one of the largest cryptocurrency exchange by volume, has disclosed a security breach, which exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.

According to a blog post on Liquid’s website, the incident took place last week, on Friday 13.

“On the 13th of November 2020, a domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,” Mike Kayamori, CEO of the cryptocurrency exchange explained.

He went on to say that the attack was intercepted and contained before the intruder stole any funds, but further investigation revealed that the attacker was able to harvest personal data fr om Liquid's database wh ere user information was stored. It is not clear whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address.

Liquid is not the first cryptocurrency service that fell victim to a DNS hijacking attack. In June 2020, hackers obtained access to Coincheck's DNS records and modified the records to forward incoming emails to them.

Back to the list

Latest Posts

Two Romanians arrested for running malware services

Two Romanians arrested for running malware services

The duo allegedly operated the CyberSeal and Dataprotector crypting services, as well as the CyberScan service, which allowed their customers to test their malware against antivirus solutions.
23 November 2020
Manchester United discloses a ‘sophisticated’ cyber attack

Manchester United discloses a ‘sophisticated’ cyber attack

United officials said that are not aware of any breach of personal data associated with club's fans and customers.
23 November 2020
Hacker shares a list of nearly 50,000 vulnerable Fortinet VPN devices

Hacker shares a list of nearly 50,000 vulnerable Fortinet VPN devices

The list of vulnerable targets includes domains belonging to large enterprises, financial institutions, and government organizations from all over the world.
23 November 2020