Recently, security researcher KrebsOnSecurity revealed that several cryptocurrency platforms hosted by renowned hosting provider Godaddy are attacked over the past week.
In line with KrebsOnSecurity, the attacks began on or around 13th November on cryptocurrency trading platform liquid.com.
Liquid CEO Mike Kayamori revealed that GoDaddy incorrectly transferred control of the account and domain to an illicit actor.
Kayamori added that the move permitted a malicious actor to modify DNS records and thus, take hold of a variety of internal email accounts. Additionally, a malicious actor was ready to partially penetrate the liquid.com infrastructure as well as gain access to document storage.
The secondary victim was cryptocurrency mining service NiceHash, that on 18th November discovered that a number of the settings for its domain registration records at GoDaddy were modified without authorization, briefly redirecting email and web traffic for the location storage.
NiceHash immediately froze all user’s funds for twenty-four hours to stopped the attackers from transferring funds & verify that they had restored their original domain settings. The firm advised its clients to change their passwords ASAP & thereby activate their 2FA security.
Social engineering, where an attacker impersonates users to defraud administrators, has proven to be a well-liked tool for criminals looking to pilfer cryptocurrency holdings. As reported earlier, a Twitter hack where attackers gained control of top user handles like Barack Obama and solicited Bitcoin, was also executed with social engineering.