Liquid, one of the top cryptocurrency exchange portals, has disclosed a security breach. The company published an announcement on its site stating that last week, specifically on Friday, November 13, a hacker managed to compromise the e-mail accounts of some employees and gain access to the internal network.
The exchange service said it managed to detect the intrusion before the criminal stole money. However, the investigation revealed that the intruder was able to steal users' personal information from a Liquid database.
This information includes names, home addresses, e-mail addresses, and encrypted passwords.
Liquid CEO Mike Kayamori said the cryptocurrency exchange company is still investigating the incident and trying to determine whether the intruder was also able to steal the supporting documents that all users provide when they make their first transaction on the platform.
"We do not believe there is an immediate threat to your account due to the strong password encryption that we use. However, we recommend that all Liquid customers change their password and 2FA credentials as soon as possible," said Kayamori.
Social engineering attack that led to a DNS hijack
The hacker gained control of the account and altered the company's DNS records, redirecting incoming traffic to a server under his control.
It is believed that the criminal used this access to the company's DNS records to redirect employees to fake login pages and so collect their corporate e-mail credentials. He was then able to get into the employees' e-mail accounts and penetrate Liquid's internal network.
DNS hijacking attacks often target cryptocurrency exchange services. In recent years, there have been several examples:
- In June 2020, a cyber criminal compromised Coincheck's DNS records to redirect users to fake login pages and steal their credentials.
- In August 2018, an attacker compromised MyEtherWallet's DNS records to collect private keys for users' wallets.
- In January 2018, hackers compromised BlackWallet.com's servers and managed to steal $400,000 worth of Stellar Lumen (XLM).
- In December 2017, an attacker compromised EtherDelta's DNS records to redirect traffic, collect credentials and steal customer money.