- The exchange was founded in 2014 and saw $50 billion in volume in the last 12 months.
- The hack took place on Nov. 13 and is currently under investigation.
- The breach could result in Liquid users falling prey to identity theft or phishing scams.
Share this article
According to a blog post, the hacker convinced a domain hosting provider that manages one of Liquid’s domain names to give them control of the account and domain.
The hacker was then able to change DNS records and control internal email accounts, allowing them to view the documents stored by the domain, including user data.
CEO Mike Kayamori asserts that Liquid could contain the breach, and no cryptocurrencies appear to have been stolen.
Update on security incident from 13 November 2020.
Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for and remain safe and secure. https://t.co/ebbLd6eprB
— Liquid Global Official (@Liquid_Global) November 18, 2020
However, the hacker made off with sensitive user data that could later be used to steal user assets and identities.
The exchange continued to list new tokens in the week following the hack before alerting users.
Selling Liquid Data on The Dark Web
The hacker likely stole names, addresses, emails, and encrypted passwords. It’s possible that KYC data such as ID and address documents were stolen too. Liquid is investigating this possibility.
Data such as emails and corresponding passwords or identities can be sold for hefty sums on the dark web if not used by the hacker directly. It’s estimated that over 15 billion logins from 100,000 breaches have been put up for sale on the dark web, from both crypto sites and other domains.
Login details for crypto exchanges are particularly valuable.
Hackers can target the owners of emails with phishing scams to reveal their passwords or use personal data to try and steal user funds. Liquid users are advised to change their passwords and login details in light of the breach.
Bitcoin Wallet Provider Ledger Compromised Again by Malicious Phishing…
The famed hardware wallet manufacturer, Ledger, has suffered from a phishing attack. The event may be connected to a leak of the company’s customer data in July 2020. Ledger Users…
Only a Black Swan Event Will Keep Bitcoin from Reaching $15,000
Bitcoin stole the crypto spotlight after slicing through a crucial resistance barrier that had been preventing it from advance further since Oct. 21. Data reveals that if buying pressure continues…
Unprecedented Twitter Breach: Barack Obama, Jeff Bezos, Joe Biden, Doz…
Billionaires, politicians, and celebrities were victimized in a large-scale phishing campaign with the hackers defrauding people for over $100,000 in Bitcoin. Hackers used their access to trick people into participating…