GoDaddy employees targeted in cyberattacks on cryptocurrency platforms

This Saturday cybercrime blog Krebs on Security blog reported that during the past week cyber-attacks were launched against multiple cryptocurrency services hosted by popular domain register GoDaddy.

Krebs Securities stated that the attacks were executed by targeting GoDaddy staff and redirecting email and web traffic intended for several cryptocurrency trading platforms. According to the security blog, the attacks started around 13 November with cryptocurrency trading platform liquid.com.

Liquid published a blog post by its CEO Mike Kayamori explaining the security incident.

Mike Kayamori said:

Mike Kayamori, CEO and co-founder of liquid.com

Mike Kayamori
Source: Twitter

On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.

Cryptocurrency mining service NiceHash followed with an attack on 18 November. The company found that some of the settings for its domain registration records at GoDaddy were altered without authorization, which briefly redirected email and web traffic for the site. NiceHash reacted by freezing all customer funds for about 24 hours until it was able to verify that its domain settings were back to their original settings.

The company stated in a blog post:

At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activate 2FA security.

GoDaddy spokesperson Dan Race said that the hosting provider immediately locked down the accounts involved in the security incident and assisted the affected customers in regaining control over their accounts. The company’s security team discovered the attacks were partly conducted through social engineering of some GoDaddy employees.


Read More:

Read Also: