Key Takeaways

  • The exchange was founded in 2014 and saw $50 billion in volume in the last 12 months.
  • The hack took place on Nov. 13 and is currently under investigation.
  • The breach could result in Liquid users falling prey to identity theft or phishing scams.

Share this article

According to a blog post, the hacker convinced a domain hosting provider that manages one of Liquid’s domain names to give them control of the account and domain.

The hacker was then able to change DNS records and control internal email accounts, allowing them to view the documents stored by the domain, including user data. 

CEO Mike Kayamori asserts that Liquid could contain the breach, and no cryptocurrencies appear to have been stolen. 

However, the hacker made off with sensitive user data that could later be used to steal user assets and identities. 

The exchange continued to list new tokens in the week following the hack before alerting users. 

Selling Liquid Data on The Dark Web

The hacker likely stole names, addresses, emails, and encrypted passwords. It’s possible that KYC data such as ID and address documents were stolen too. Liquid is investigating this possibility. 

Data such as emails and corresponding passwords or identities can be sold for hefty sums on the dark web if not used by the hacker directly. It’s estimated that over 15 billion logins from 100,000 breaches have been put up for sale on the dark web, from both crypto sites and other domains. 

Login details for crypto exchanges are particularly valuable.

Hackers can target the owners of emails with phishing scams to reveal their passwords or use personal data to try and steal user funds. Liquid users are advised to change their passwords and login details in light of the breach. 

Share this article


Please enter your comment!
Please enter your name here