Yesterday, security researcher KrebsOnSecurity reported that several cryptocurrency platforms hosted by popular hosting provider Godaddy had been attacked over the past week.
According to KrebsOnSecurity, the attacks began on or around November 13 on the cryptocurrency trading platform liquid.com.
Liquid CEO Mike Kayamori said GoDaddy wrongly transferred control of the account and domain to a malicious actor.
Kayamori added that the move allowed a malicious actor to modify DNS records and thereby gain control over a number of internal email accounts. Additionally, a malicious actor was able to partially penetrate the liquid.com infrastructure and gain access to document storage.
The second victim was cryptocurrency mining service NiceHash, which discovered on November 18 that some of the settings in its domain registration records at GoDaddy had been changed without authorization, briefly redirecting email traffic and of the Web for the site.
NiceHash immediately froze all clients’ funds for 24 hours to prevent attackers from transferring funds and to verify that they had restored their original domain settings. The company has advised its customers to change their passwords and enable 2FA security.
Social engineering, where an attacker impersonates users to defraud administrators, has proven to be a popular tool for criminals seeking to steal crypto wealth. As TBEN previously reported, a Twitter hack where attackers took control of key users such as Barack Obama and solicited Bitcoin, was also executed with social engineering.