Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach
The exchange said customer funds are safe.
Nov 18, 2020 at 10:13 a.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/FTFPIPUWPFFT7B6OX43NY4VHWI.jpg)
Customers registered with the Liquid exchange may have had their data exposed to bad actors, the company said Wednesday.
- In a notice on its website, Liquid CEO Mike Kayamori said the attack occurred on Friday, Nov. 13.
- "A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," he said.
- The access allowed the intruders to change DNS records and then take control of "a number of internal email accounts."
- Ultimately, they were able to "partially compromise" the exchange's infrastructure and access stored documents.
- Kayamori said the attackers may have been able to obtain data such as users' emails, names, addresses and encrypted passwords.
- Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
- As soon as the intrusion was noticed, Liquid "intercepted and contained the attack," the CEO said.
- It also regained control of its domain and carried out a "comprehensive review of our infrastructure."
- "We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised," Kayamori said.
- He recommended users change their passwords and 2FA credentials, and be wary of possible phishing attempts to use their data.
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
:format(webp)/downloads.coindesk.com/arc/failsafe/user/1x1.png)
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.