Saturday, January 16, 04:18
Home security Liquid crypto-exchange: Revealed security breach and data theft

Liquid crypto-exchange: Revealed security breach and data theft

Η Liquid, one of the top cryptocurrency exchange portals, revealed a infringement security. The company released one announcement on her site, where she says that last week, and specifically on Friday, November 13, one hacker managed to violate the accounts e-mail some employees and acquire access within the internal network.

Liquid security breach

The exchange service said it managed to detect the intrusion before the criminal stole money. However, the investigation revealed that the intruder was able to steal users' personal information from a base data of Liquid.

This information includes: name, home address, emails, and encrypted passwords.

Liquid CEO Mike Kayamori said the cryptocurrency exchange company is still investigating the incident and trying to see if the intruder was able to steal evidence, provided by all users when they make their first transaction on the platform.

"We do not believe there is an immediate threat to your account due to strong encryption password that we use. However, we recommend to all Liquid customers to change their password and 2FA credentials as soon as possibleSaid Kayamori.

Social engineering attack που led into a DNS hijack

The company accused him domain name provider for violation security. The company says that provider fell victim social engineering attack and incorrectly transferred the Liquid account to hacker.

The hacker gained control of the account and violated the company's DNS records, redirecting incoming traffic to a server under its control.

cryptocurrency exchange

It is believed that the criminal used access to the company's DNS records to redirects employees to fake login pages and yes collect them credentials of their corporate email. He was then able to get into the accounts e-mail employees and penetrate Liquid's internal network.

DNS hijacking attacks often target cryptocurrency exchange services. In recent years, we have several examples:

  • In June 2020, a cyber criminal violated her DNS records Coincheck to redirect users to fake login pages and steal their credentials.
  • In August 2018, an attacker violated her DNS records MyEtherWallet to collect private keys for wallets users.
  • In January 2018, hackers violated its servers BlackWallet.com and managed to steal $ 400.000 worth of Stellar Lumen (XLM).
  • In December 2017, an attacker breached her DNS records etherdelt to to redirect traffic, collect credentials and steal customer money.

Source: ZDNet

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...