Liquid CEO Explains How the Crypto Exchange Was Hacked
Liquid, the 16th largest cryptocurrency exchange by volume, today disclosed details about a hack that exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.
Update on security incident from 13 November 2020.
Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for and remain safe and secure. https://t.co/ebbLd6eprB
— Liquid Global Official (@Liquid_Global) November 18, 2020
In a blog post, Mike Kayamori, CEO of the cryptocurrency exchange Liquid, said that hackers on November 13 wrestled control over one of Liquid’s domain names (quoine.com, the site of Liquid’s Japanese parent company), after hacking into its domain name hosting provider.
This allowed the hacker to control company email addresses; now inside the systems, the hacker “was able to partially compromise our infrastructure, and gain access to document storage,” said Kayamori.
Nov 13th our https://t.co/hwniBQoyk5 domain was compromised via our DNS provider.
We revoked all API tokens issued prior to today, which have no IP whitelist applied.
If your API key was revoked, create a new API and request to whitelist your IP address: https://t.co/RiJfeEkoTF
— Liquid Global Official (@Liquid_Global) November 14, 2020
Kayamori said that they “intercepted and contained the attack,” took further action to protect its customers, and informed the police.
He said that customers' funds are “accounted for, and remain safe and secure,” and that cold-storage crypto wallets weren’t compromised.
However, Kayamori believes that the hacker stole personal information about its customers. “This may include data such as your email, name, address and encrypted password,” he said.
Kayamori said the firm is unsure whether the hacker also accessed ID photos, selfies and proof of addresses used for identity checks. Liquid accepts credit card and bank statements as proof of addresses.
To his customers, Kayamori said, “It is also possible that you may experience an increase in spam email and phishing attempts. Phishing attempts may be more sophisticated and difficult to detect when a malicious actor has access to your personal information.”
Change your passwords, folks.