- Liquid crypto exchange has recently suffered a cybersecurity hack this November.
- GoDaddy, which manages Liquid’s domain, incorrectly sent the firm’s database to malicious actors.
- Liquid advises customers to remain vigilant and change their passwords and 2FA credentials.
Liquid cryptocurrency exchange suffered a security incident and data breach on November 13, according to CEO Mike Kayamori’s blog.
As a result, the exchange’s site manager GoDaddy mistranslated a domain name of the individual’s account to malicious actors. Due to the incorrect domain transfer, the actors gained full security control. This weakened Liquid and allowed the attackers to alter authorization changes to the firm’s DNS records.
The attackers gained access to several internal email accounts effectively. Subsequently, they compromised the security of countless storage information including customer’s names, personal addresses, and encrypted passwords.
Right after Liquid detected the malicious intruders, they acted on the situation immediately to avoid further risk that could be associated with the customers’ assets and accounts.
What is more, upon the above actions taken against the actors, Liquid exchange assured its customers that their assets remain safe and secure. Also, the exchange advised customers to use MPC-based and cold storage crypto wallets.
Additionally, Liquid has gotten relevant bodies informed about the breach. It has also begun infrastructure reviews to improve the exchange’s security.
Liquid continues to update users with more insights and investigations as to whether the malicious actors got access to personal documents that are mainly provided for KYC such as ID, selfie, and proof of address.
According to Kayamori’s report, if malicious actors obtained customers’ data, there is a high risk of sophisticated spam email and phishing attempts. Liquid urges customers to remain vigilant by using strong password encryption and 2FA credentials.