The vulnerability surged by mistakenly transferring the Liquid domain to a malicious actor. Liquid ensures that user funds are safe and that they took security measures.
Emails, real names, and even the passwords of Liquid exchange users are at risk of compromise due to a security breach. A press release from Mike Kayamori, CEO of the exchange, suggested it and also confirmed that the company suffered a security breach last week that affected the entire service.
The event occurred on November 13 of this year, but the company claims that it decided to reveal the details of the attack this week to confirm how much information was exposed. Although they believe it likely that the malicious actor has access to their users’ emails, as well as their names and addresses, they have not yet been able to ascertain whether identity or address documents suffered the exposure.
If this piece of information is true, Liquid management fears that its users could become an easy target for email phishing attacks, a form of fraud that seeks to obtain sensitive financial information from potential victims using deception. Likewise, the statement warns of the risks of identity theft to which Liquid users would also expose this security error.
Despite dire consequences to Liquid’s customer privacy, the exchange confirmed that all user funds are safe. “Client funds are accounted for and remain safe and secure,” the press release noted. The cold purses of the exchange house did not suffer any compromise either.
A domain of the Liquid Exchange Hijacked
The breach occurred after one of the Internet domain providers – web addresses – that Liquid uses mistakenly transferred one of the exchange’s domains to a malicious third party. This person took advantage of the mistake to change Liquid’s DNS records, taking control of several internal email accounts, and compromising the entire infrastructure of the exchange.
Due to the extent of the attack, Liquid executives believe that the malicious actor had access to private company documents, including sensitive user data. The attack was quickly detected and intercepted, according to the directive, and they took immediate measures to strengthen the platform’s security system.
In addition to all the above, the CEO of the company, Kayamori, stated that they informed the regulatory authorities about the event. The comment seems to suggest that the exchange will seek legal solutions to this event, a method that exchange houses have begun to use to deal with robberies at the hands of hackers. When the KuCoin platform suffered a hack, who has left their case – which amounts to $ 200 million in losses – to the law.
On October 16, the OKEx exchange reported about the indefinite suspension of withdrawals indefinitely amid a police investigation. The sudden disappearance of the executive and the suspension of withdrawals generated an atmosphere of uncertainty among the miners who decided to transfer the mining power to other pools.
“Although payments to its mining clients are not directly affected by OKEx’s suspension of withdrawals from business accounts, even the possibility of disbursement complications is reason enough for miners to switch pools,” he told Coindesk, Ethan Vera, co-founder of mining company Luxor Technology.
By: Jenson Nuñez.
