Digital currency exchange ‘Liquid’ has announced that they were the victim of a security breach that took place on November 13.
A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.
Said Liquid CEO Mike Kayamore in Liquid’s official announcement. He went on to say that it’s possible the attacker obtained Liquid user’s email addresses, names, addresses, and encrypted passwords. The Liquid team says they are currently investigating whether the attacker was able to gain access to the personal documents that user’s provided for KYC such as ID, selfie, and proof of address.
The security breach indefinitely happened, however, the Liquid team declined to mention the severity of the breach regarding how many users may have been affected.
Next steps for Liquid
On the bright side, Liquid says that client funds remain safe and were unaffected by the security breach. However, Liquid encourages its users to update their passwords as well as their 2FA credentials as soon as possible.
“When a malicious actor obtains your personal information, there is an increased risk of identity theft,” said Kayamori. “It is also possible that you may experience an increase in spam email and phishing attempts. Phishing attempts may be more sophisticated and difficult to detect when a malicious actor has access to your personal information.”
The Liquid security breach is one of the most recent attacks to take place in the digital currency industry. In the last week, we have seen three DeFi platforms–Akropolis, Value DeFi, and Origin Protocol–exploited by way of a flash-loan attack that led to the loss of millions in each attack.
Source: Read Full Article