GoDaddy Phishing Attack Behind Crypto Exchange Hacks

  • A phishing attack on web hosting giant GoDaddy was the reason behind the data breach experienced by Liquid exchange last week
  • GoDaddy says a social engineering scam allowed domain login details to be leaked to hackers
  • Liquid reported last week that user details, including encrypted passwords, were stolen

A phishing attack on web hosting giant GoDaddy was the reason cryptocurrency exchange Liquid experienced a data breach last week, it has been revealed. Cyber security website Krebs on Security reported Saturday that employees at GoDaddy were tricked into handing over domain credentials for Liquid and cloud mining firm Nicehash, with Slack and GitHub then targeted as a result.

Liquid and Nicehash Victims of Phishing Attack

Liquid CEO Mike Kayamori revealed last week that the exchange had been subjected to an attack after control of its domain was incorrectly given to a third party, which led to users’ “email (addresses), name, address and encrypted password” being leaked.

At the time Kayamori revealed that the web hosting company was at fault, and Brian Krebs of Krebs on Security revealed that the company in question was GoDaddy, which has not had a good year on the security front. In March a voice phishing scam allowed attackers to assume control over several domain names, which was followed by the revelation in May that 28,000 of its customers’ accounts were compromised following a security incident that had occurred seven months prior.

GoDaddy Attack Method Remains Unknown

Although it declined to reveal the precise method of the attack, GoDaddy did admit that a “limited” number of GoDaddy employees had fallen for a social engineering scam. According to Krebs, the success rate of such attacks has increased due to the surge in remote working, which sees employees using less secure internet connections and potentially not having managerial backup as quickly as normal.

The social engineering angle seems similar to the SIM swap attacks that are growing in number, which see cell phone company support staff tricked into allowing hackers to port a target’s phone details, including logins, onto their device.