It has been reported that the attacks began on or around November 13th on cryptocurrency trading platform liquid.com.
Mike Kayamori, the CEO of Liquid, said that GoDaddy incorrectly transferred control of the account and domain to a malicious actor.
However, Kayamori added that the move allowed a malicious actor to change DNS records and take control of a number of internal email accounts. Additionally, a malicious actor was able to partially penetrate the liquid.com infrastructure and gain access to document storage.
Attackers use social engineering to gain limited administrative control over top cryptocurrency services websites such as Liquid and Nicehash https://t.co/YYMdW9S9Bo — Cointelegraph (@Cointelegraph) November 22, 2020
The report said that the second victim was cryptocurrency mining service NiceHash, which on November 18, discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting e-mail and web traffic for the site.
Likewise, NiceHash immediately froze all customers’ funds for 24 hours to prevent the attackers from transferring funds as well as to verify that they had restored their original domain settings.
The company advised its clients to change their passwords and activate 2FA security.
Thus, social engineering, where an attacker impersonates users to defraud administrators, has proven to be a popular tool for criminals looking to pilfer crypto riches.