One of the world's largest cryptocurrency exchanges, Liquid, reported an attack last week. The company said that on November 13, 2020, an unknown attacker compromised the email accounts of several employees and eventually gained access to the company's internal network.
Liquid's management says the intrusion was discovered before the attacker was able to steal any funds. However, the investigation showed that the attacker managed to steal information from the Liquid database in which exchange users' data was stored.
It has already been confirmed that data such as the real usernames, home addresses, e-mail addresses and encrypted passwords fell into the hands of the attacker. The company is still investigating the incident, so it is not yet clear whether the attacker was also able to steal user ID data; all Liquid customers are required to submit such documents when making their first transaction.
“We do not believe there is any direct threat to your accounts as we use strong password encryption. However, we recommend that all Liquid customers change their passwords and 2FA credentials as soon as possible,” says CEO Mike Kayamori.
According to Liquid's statement, the hack was caused by the compromise of a domain name provider, whose employees fell victim to social engineering and transferred control of Liquid's account to the attacker. After gaining control of this account, the attacker modified the DNS records, directing incoming traffic to a server under his control. The company says that in this way the attacker redirected employees to fake login pages and collected the credentials for their work mailboxes. He then used these credentials to access employee email accounts and move further into Liquid's internal infrastructure.
Unfortunately, such attacks are by no means rare. For example, in the summer of 2020, the Coincheck exchange suffered a similar compromise via DNS. In that case, users were redirected to fake login pages, and the attacker collected passwords from about 200 accounts. The MyEtherWallet wallet suffered a similar attack in 2018, and the EtherDelta exchange in 2017.