19 November 2020

Liquid crypto-exchange hacked, customers’ personal info exposed


Liquid crypto-exchange hacked, customers’ personal info exposed

Liquid, one of the largest cryptocurrency exchange by volume, has disclosed a security breach, which exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.

According to a blog post on Liquid’s website, the incident took place last week, on Friday 13.

“On the 13th of November 2020, a domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,” Mike Kayamori, CEO of the cryptocurrency exchange explained.

He went on to say that the attack was intercepted and contained before the intruder stole any funds, but further investigation revealed that the attacker was able to harvest personal data fr om Liquid's database wh ere user information was stored. It is not clear whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address.

Liquid is not the first cryptocurrency service that fell victim to a DNS hijacking attack. In June 2020, hackers obtained access to Coincheck's DNS records and modified the records to forward incoming emails to them.

Back to the list

Latest Posts

Chinese cyber spies using USB devices to breach targets in Southeast Asia

Chinese cyber spies using USB devices to breach targets in Southeast Asia

The discovered artifacts suggest that the campaign has been ongoing since September 2021
30 November 2022
Spanish police dismantle cybercrime gang that stole €12M via fake banking sites

Spanish police dismantle cybercrime gang that stole €12M via fake banking sites

The malicious operation involved several fraudulent websites disguised as legitimate bank and cryptocurrency investment portals.
30 November 2022
US Cyber Command shares details on its hunt forward operations in Ukraine

US Cyber Command shares details on its hunt forward operations in Ukraine

CYBERCOM described the Ukrainian mission as the “largest hunt forward team” it deployed to date.
30 November 2022