19 November 2020

Liquid crypto-exchange hacked, customers’ personal info exposed


Liquid crypto-exchange hacked, customers’ personal info exposed

Liquid, one of the largest cryptocurrency exchange by volume, has disclosed a security breach, which exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.

According to a blog post on Liquid’s website, the incident took place last week, on Friday 13.

“On the 13th of November 2020, a domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage,” Mike Kayamori, CEO of the cryptocurrency exchange explained.

He went on to say that the attack was intercepted and contained before the intruder stole any funds, but further investigation revealed that the attacker was able to harvest personal data fr om Liquid's database wh ere user information was stored. It is not clear whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address.

Liquid is not the first cryptocurrency service that fell victim to a DNS hijacking attack. In June 2020, hackers obtained access to Coincheck's DNS records and modified the records to forward incoming emails to them.

Back to the list

Latest Posts

Belden reveals data breach affecting current and former employees, business partners

Belden reveals data breach affecting current and former employees, business partners

The stolen information may have included names, birthdates, government-issued identification numbers, and bank account information.
26 November 2020
Hacker leaks usernames and passwords for nearly 50K vulnerable Fortinet VPN devices

Hacker leaks usernames and passwords for nearly 50K vulnerable Fortinet VPN devices

The data dump contains usernames, passwords, access levels, and the original unmasked IP addresses of users connected to the VPNs.
26 November 2020
FBI warns of spoofed FBI-related websites

FBI warns of spoofed FBI-related websites

Spoofed domains and email accounts could be used by foreign actors and cybercriminals to spread false information, deliver malware, or collect sensitive data.
25 November 2020