Customers registered with the Liquid exchange may have had their data exposed to bad actors, the company said Wednesday.
- In a notice on its website, Liquid CEO Mike Kayamori said the attack occurred on Friday, Nov. 13.
- "A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," he said.
- The access allowed the intruders to change DNS records and then take control of "a number of internal email accounts."
- Ultimately, they were able to "partially compromise" the exchange's infrastructure and access stored documents.
- Kayamori said the attackers may have been able to obtain data such as users' emails, names, addresses and encrypted passwords.
- Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
- As soon as the intrusion was noticed, Liquid "intercepted and contained the attack," the CEO said.
- It also regained control of its domain and carried out a "comprehensive review of our infrastructure."
- "We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised," Kayamori said.
- He recommended users change their passwords and 2FA credentials, and be wary of possible phishing attempts to use their data.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.