Cybercriminals were able to change the DNS settings of some cryptocurrency websites after tricking GoDaddy employees into providing them with access to customer accounts.
The incident happened earlier this month and affected an unknown number of the company’s customers, including at least two cryptocurrency-related websites: the virtual currency trading site Liquid and crypto-mining service NiceHash.
On November 18, both services announced that threat actors were able to breach their internal systems after GoDaddy incorrectly handed over control of their accounts.
Liquid CEO Mike Kayamori revealed that the incident took place on November 13, and that the threat actor was provided with the “ability to change DNS records and in turn, take control of a number of internal email accounts.”
Thus, the malicious actor compromised the trading platform’s infrastructure and even gained access to document storage. The platform said it took the necessary steps to contain the attack immediately after identifying it, as well as to “prevent further intrusions and to mitigate risk to customer accounts and assets.”
“Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised,” Kayamori said.
NiceHash announced that a service outage on November 18 was caused by the same GoDaddy issues, and that, “as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed.”
The company immediately froze all wallet activity and restored its service after ensuring that funds were safe and users had access to their wallets. Withdrawals were suspended pending th ..