Earlier this month, cybercriminals targeted GoDaddy customers to modify the DNS settings of at least two cryptocurrency websites, namely NiceHash and Liquid. There are reports that other cryptocurrency platforms Bibox.com, Celsius.network, and Wirex.app were also targeted by the same hacking group.
The attackers tricked GoDaddy employees into giving them access to customer accounts and may have affected many of the company’s customers, including the above-mentioned crypto mining services.
The two affected services released a statement on November 18th saying that the attackers breached their internal systems after gaining control of their accounts by tricking GoDaddy employees.
According to an announcement from Liquid’s CEO, Mike Kayamori, addressed to crypto traders, the company's systems were attacked on November 13th, and the attacker was able to change its DNS records and take control of several internal email accounts to compromise its infrastructure.
The threat actor even managed to access the trading platform's document storage after obtaining account access through its domain registrar, GoDaddy.com.
“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor.”
Kayamori stated that immediately after detecting the attack, the company took all the necessary steps to contain it, including reasserting control of the domain and reviewing its infrastructure.
Furthermore, they implemented plans to mitigate the risk to customer accounts and prevent future attacks.
“We can confirm client funds are accounted for, and remain safe ..