Hackers allegedly manipulated employees at GoDaddy, the largest web domain registrar, into handing over control of various websites to cybercriminals.
Cryptocurrency trading platforms, including Liquid and NiceHash, said that GoDaddy incorrectly turned over control of their domains to malicious actors this month.
Liquid CEO Mike Kayamori wrote on the company’s blog that the access GoDaddy granted gave a bad actor the ability to change domain name service records, control internal email accounts, gain access to document storage, and “partially compromise” the company’s infrastructure.
“After detecting the intruder, we intercepted and contained the attack. Immediate action was taken to prevent further intrusions and to mitigate risk to customer accounts and assets,” Mr. Kayamori wrote on the company’s blog. “Before notifying customers we wanted to be sure that we understood the situation and its possible impact to you. Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure.”
NiceHash froze all wallet activity on its platform for 24 hours after it discovered the problem and then resumed service with the exception of withdrawals, which it said would resume after an internal audit.
“At this moment in time, it looks like no emails, passwords, or any personal data were accessed but we do suggest resetting your password and activate [two-factor authentication] security,” NiceHash said on its website.
Precisely how many GoDaddy domain names were affected by the cyber intrusions is unclear.
GoDaddy said Monday that a “small number” of customer domains and account information had unauthorized changes.
“Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees,” a GoDaddy spokesperson said in a statement. “We immediately locked down the accounts involved in this incident, reverted any changes that took place to accounts, and assisted affected customers with regaining access to their accounts.”
The spokesperson said GoDaddy is constantly educating employees about new security measures to take against sophisticated and aggressive attacks aimed at the employees.
Cybercrime reporter Brian Krebs wrote last week that the cyberattackers may have manipulated GoDaddy employees by persuading them to use their credentials to log in to a fraudulent GoDaddy webpage.