19 November 2020

Liquid crypto-exchange hacked, customers’ personal info exposed


Liquid crypto-exchange hacked, customers’ personal info exposed

Liquid, one of the largest cryptocurrency exchange by volume, has disclosed a security breach, which exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.

According to a blog post on Liquid’s website, the incident took place last week, on Friday 13.

“On the 13th of November 2020, a domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,” Mike Kayamori, CEO of the cryptocurrency exchange explained.

He went on to say that the attack was intercepted and contained before the intruder stole any funds, but further investigation revealed that the attacker was able to harvest personal data fr om Liquid's database wh ere user information was stored. It is not clear whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address.

Liquid is not the first cryptocurrency service that fell victim to a DNS hijacking attack. In June 2020, hackers obtained access to Coincheck's DNS records and modified the records to forward incoming emails to them.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024