UPDATED 22:36 EDT / NOVEMBER 18 2020


Customer data stolen in hack targeting cryptocurrency exchange Liquid

Singapore-based cryptocurrency exchange Liquid, the 18th largest exchange in the world by volume, has been hacked and customer data stolen.

Detected on Nov. 13, the hack wasn’t a direct attack on the company’s infrastructure. Instead, it involved a domain name hosting provider that manages one of company’s domain names incorrectly transferring control of the account and domain to a malicious actor.

With this access, those behind the attack changed domain name server records and took control of some of the company’s email accounts. The hacker also partially compromised Liquid’s infrastructure and gained access to storage.

Upon detecting the attack, Liquid shut down access and took action to prevent further intrusions and to mitigate the risk to customer accounts and assets. The good news is that those behind the attack did not manage to steal any funds from Liquid users and all client funds were accounted for.

That said, some customer data is believed to have been stolen, including emails, names, addresses and encrypted passwords. Liquid is investigating whether those behind the attack also gained access to personal documents provided for Know Your Customer compliance such as copies of identification cards, selfies and proof of address details.

Liquid warned its customers that the stolen data could be used for identity theft, spam email and phishing attempts.

“Regulators mandate that cryptocurrency exchanges collect and maintain KYC data, but choosing the right solutions provider matters,” Jose Caldera, chief product officer at identity verification firm Acuant Inc., told SiliconANGLE. “It is important to implement solutions that not only perform KYC, but that can also maintain KYC for exchanges, enabling them to have access to data without storing it. However, they must ensure that their KYC providers and their data partners are extremely secure. SOC-2 and PCI are examples of credentials that should be sought in a provider along with data protection in place.”

Vinay Sridhara, chief technology officer of security posture visibility company Balbix Inc., noted that the incident is another reminder of the importance of basic cyberhygiene, since DNS hijacking attacks have been fairly common against cryptocurrency services over the past few years.

“DHS hijackings happen when users are unknowingly redirected to a malicious site. In this incident, Liquid’s employees were redirected to fake login pages where their email credentials were collected and later used to access the company’s internal infrastructure,” Sridhara said. “Through this, the intruder was able to obtain the names, home addresses, emails, and encrypted passwords of users. Cryptocurrency organizations that collect transactional data must be continuously monitoring all IT assets across hundreds of potential attack vectors to detect vulnerabilities.”

Image: Liquid

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.