Customer data stolen in hack targeting cryptocurrency exchange Liquid
Singapore-based cryptocurrency exchange Liquid, the 18th largest exchange in the world by volume, has been hacked and customer data stolen.
Detected on Nov. 13, the hack wasn’t a direct attack on the company’s infrastructure. Instead, it involved a domain name hosting provider that manages one of the company’s domain names incorrectly transferring control of the account and domain to a malicious actor.
With this access, those behind the attack changed domain name server records and took control of some of the company’s email accounts. The hacker also partially compromised Liquid’s infrastructure and gained access to storage.
Upon detecting the attack, Liquid shut down access and took action to prevent further intrusions and to mitigate the risk to customer accounts and assets. The good news is that those behind the attack did not manage to steal any funds from Liquid users and all client funds were accounted for.
That said, some customer data is believed to have been stolen, including emails, names, addresses and encrypted passwords. Liquid is investigating whether those behind the attack also gained access to personal documents provided for Know Your Customer compliance such as copies of identification cards, selfies and proof of address details.
Liquid warned its customers that the stolen data could be used for identity theft, spam email and phishing attempts.
“Regulators mandate that cryptocurrency exchanges collect and maintain KYC data, but choosing the right solutions provider matters,” Jose Caldera, chief product officer at identity verification firm Acuant Inc., told SiliconANGLE. “It is important to implement solutions that not only perform KYC, but that can also maintain KYC for exchanges, enabling them to have access to data without storing it. However, they must ensure that their KYC providers and their data partners are extremely secure. SOC-2 and PCI are examples of credentials that should be sought in a provider along with data protection in place.”
Vinay Sridhara, chief technology officer of security posture visibility company Balbix Inc., noted that the incident is another reminder of the importance of basic cyberhygiene, since DNS hijacking attacks have been fairly common against cryptocurrency services over the past few years.
“DNS hijackings happen when users are unknowingly redirected to a malicious site. In this incident, Liquid’s employees were redirected to fake login pages where their email credentials were collected and later used to access the company’s internal infrastructure,” Sridhara said. “Through this, the intruder was able to obtain the names, home addresses, emails, and encrypted passwords of users. Cryptocurrency organizations that collect transactional data must be continuously monitoring all IT assets across hundreds of potential attack vectors to detect vulnerabilities.”