Back to the list

Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach

www.coindesk.com 18 November 2020 21:50, UTC
Reading time: ~2 m

Customers registered with the Liquid exchange may have had their data exposed to bad actors, the company said Wednesday.

  • In a notice on its website, Liquid CEO Mike Kayamori said the attack occurred on Friday, Nov. 13.
  • "A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," he said.
  • The access allowed the intruders to change DNS records and then take control of "a number of internal email accounts."
  • Ultimately, they were able to "partially compromise" the exchange's infrastructure and access stored documents.
  • Kayamori said the attackers may have been able to obtain data such as users' emails, names, addresses and encrypted passwords.
  • Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
  • As soon as the attack was notices, Liquid "intercepted and contained the attack," the CEO said.
  • It also regained control of its domain and carried out a "comprehensive review of our infrastructure."
  • "We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised," Kayamori said.
  • He recommended that users change their password and 2FA credentials, and be wary of possible phishing attempts to use their data.

Also see: Over $280M Drained in KuCoin Crypto Exchange Hack

Back to the list

Similar news
Suggest news