The Liquid exchange and the NiceHash mining service are among those affected. The web hosting company said that several of its employees fell for a scam.
After several GoDaddy employees had their passwords stolen through impersonation techniques, hackers also targeted cryptocurrency platforms that the company hosted. The Liquid and NiceHash services reported recent threats, although there are suspicions that other platforms could be among the victims.
Cryptocurrency exchange Liquid reported security issues in mid-November. In an official publication, Mike Kayamori, CEO of the company, pointed out that GoDaddy had mistakenly handed over control of the exchange's web domain to a malicious actor.
Kayamori said that cybercriminals breached a relevant part of the site's infrastructure, changed DNS records, took possession of several internal email accounts, and accessed vital documents.
The company advised its users to change their passwords and take additional security measures to prevent leakage of their sensitive data. Kayamori added that the company neutralized the attack before hackers gained access to its clients' accounts and assets.
Four days later, the cryptocurrency mining service NiceHash also reported that it was the victim of an attack. The company said that after detecting unauthorized changes to the configuration of its web domain registered with GoDaddy, it decided to freeze its clients' funds for 24 hours. In this way, it prevented attackers from transferring cryptocurrencies.
Matjaz Skorjanc, founder of NiceHash, detailed some curious facts, such as that the attackers had redirected the company's email to a service called private email, a provider managed by Namecheap, which is another domain name registrar. He also said that in the middle of the attack he was unable to contact his web host because at the time GoDaddy was experiencing a widespread outage of its systems.
A report by security specialist Brian Krebs suggests that other cryptocurrency platforms were also targets. His inferences are based on a combination of elements, for example a mapping of the web domains registered with GoDaddy that had recent alterations to their email settings.
He then analyzed the domains that were directed to private email, as happened with NiceHash. His search results included the exchange Bibox, the crypto-asset custody service Celsius, and the digital asset payments platform Wirex. However, none of these companies responded to requests for comment, according to the Krebs publication.
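The check NiceHash describes (spotting unauthorized changes to a domain's configuration) and the pattern Krebs looked for (mail redirected to private email) can be sketched as a comparison against a known-good baseline. This is an added example, not code from the article or from Krebs's report; the domains, record values and the `privateemail.com` suffix used for that service are assumptions and constructed sample data.

```python
# Added example: compare a known-good baseline of NS/MX records with a current snapshot.
# All domains and record values are constructed; nothing here queries live DNS.

# Assumption: mail hosts under this suffix belong to the "private email" service.
WATCHED_MX_SUFFIXES = ("privateemail.com",)

REG_NS = {"ns1.registrar-dns.example", "ns2.registrar-dns.example"}
BASELINE = {
    "exchange.example": {"NS": REG_NS, "MX": {"mail.exchange.example"}},
    "miner.example": {"NS": REG_NS, "MX": {"mx.miner.example"}},
    "quiet.example": {"NS": REG_NS, "MX": {"MX.quiet.example."}},
}
CURRENT = {
    "exchange.example": {"NS": {"ns1.other-dns.example", "ns2.other-dns.example"},
                         "MX": {"mail.exchange.example"}},
    "miner.example": {"NS": REG_NS,
                      "MX": {"mx1.privateemail.com", "mx2.privateemail.com"}},
    "quiet.example": {"NS": REG_NS, "MX": {"mx.quiet.example"}},
}

def _norm(hosts):
    """Lower-case and drop the trailing dot so cosmetic differences are not alerts."""
    return {h.rstrip(".").lower() for h in hosts}

def _is_watched(host):
    """Match on label boundaries, so 'notprivateemail.com' does not match."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_MX_SUFFIXES)

def diff_records(baseline, current):
    """Return one finding per (domain, record type) whose host set changed."""
    findings = []
    for domain in sorted(baseline):
        for rtype in ("NS", "MX"):
            old = _norm(baseline[domain].get(rtype, ()))
            new = _norm(current.get(domain, {}).get(rtype, ()))
            if old == new:
                continue
            added = sorted(new - old)
            watched = [h for h in added if rtype == "MX" and _is_watched(h)]
            findings.append({
                "domain": domain, "type": rtype,
                "added": added, "removed": sorted(old - new),
                "watched_mx": watched,
                # NS changes move the whole zone; a watched MX moves all inbound mail.
                "severity": "critical" if rtype == "NS" or watched else "high",
            })
    return findings

if __name__ == "__main__":
    for f in diff_records(BASELINE, CURRENT):
        print(f)
```

A domain missing from the current snapshot is reported with all of its baseline hosts as removed, so a deleted record set is not silently ignored.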
GoDaddy talks about its deceived employees
In response to Krebs' questions, GoDaddy acknowledged that "a small number" of its clients' domain names were changed without authorization after a "limited" number of employees fell for phishing scams. The web hosting service provider said that on November 17 it also suffered an outage lasting three hours, although it ruled out that this was related to the security incident. It said it was a technical problem that arose during planned maintenance of the network.
A GoDaddy spokesperson identified as Dan Race said that when the company identified the unauthorized changes to its customers' domains, it immediately blocked the accounts involved and reversed the changes.
Race sidestepped related questions about how the employees came to make unauthorized changes. In this regard, he only said that the matter was still under investigation.
GoDaddy did not provide any details about the attacks that hit multiple sites in March, including the financial services platform Escrow, which was redirected to a fake site called servicenow-godaddy.com.
In his report, Krebs suggests that the attackers behind the incidents at the beginning of the year and those who committed the current attack are related in some way, and that both relied on the same spoofing technique to steal passwords.
In May, GoDaddy reported a security breach that ended up denying access to accounts using SSH (Secure Shell), the protocol for managing servers remotely, on the company's hosting infrastructure. The company said it had found no evidence of tampering that affected customers. However, it then said it would provide free security tools for a year to all those affected.
By: Jenson Nuñez.