Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Trick GoDaddy Employees in Operation Targeting Cryptocurrency Services

Cybercriminals were able to change the DNS settings of some cryptocurrency websites after tricking GoDaddy employees into providing them with access to customer accounts.

Cybercriminals were able to change the DNS settings of some cryptocurrency websites after tricking GoDaddy employees into providing them with access to customer accounts.

The incident happened earlier this month and affected an unknown number of the company’s customers, including at least two cryptocurrency-related websites: the virtual currency trading site Liquid and crypto-mining service NiceHash.

On November 18, both services announced that threat actors were able to breach their internal systems after GoDaddy incorrectly handed over control of their accounts.

Liquid CEO Mike Kayamori revealed that the incident took place on November 13, and that the threat actor was provided with the “ability to change DNS records and in turn, take control of a number of internal email accounts.”

Thus, the malicious actor compromised the trading platform’s infrastructure and even gained access to document storage. The platform said it took the necessary steps to contain the attack immediately after identifying it, as well as to “prevent further intrusions and to mitigate risk to customer accounts and assets.”

“Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised,” Kayamori said.

NiceHash announced that a service outage on November 18 was caused by the same GoDaddy issues, and that, “as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed.”

Advertisement. Scroll to continue reading.

The company immediately froze all wallet activity and restored its service after ensuring that funds were safe and users had access to their wallets. Withdrawals were suspended pending the results of an internal audit into the incident.

“At this moment in time, it looks like no emails, passwords, or any personal data were accessed but we do suggest resetting your password and activate 2FA security,” the company said last week.

Looking into the incident, investigative journalist Brian Krebs discovered that threat actors leveraged social engineering to trick GoDaddy employees into transferring access to specific accounts, and that all of the targeted accounts had their emails changed to point to privateemail.com.

In addition to Liquid and NiceHash, cryptocurrency platforms that might have been targeted by the same hacking group include Bibox.com, Celsius.network, and Wirex.app.

GoDaddy appears to have acknowledged the incident, saying that only a small number of customers were affected, but without providing information on how the adversaries targeted its employees.

SecurityWeek has emailed GoDaddy for additional information on the attack and will update the article as soon as a reply arrives.

Related: GoDaddy Notifies Customers of Data Breach

Related: Twitter Hack: 24 Hours From Phishing Employees to Hijacking Accounts

Related: 2020 Rings in a New Era of Cyber Attacks – and it’s Getting Personal

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...