Attack on crypto platforms hosted by GoDaddy
Hackers fooled employees of GoDaddy hosting provider to take control of crypto domains. Many of these platforms are still discovering new dangers associated with this attack.
The research platform KrebsOnSecurity reported that cybercriminals attacked many crypto platforms with a domain on the largest hosting platform, GoDaddy. The attackers redirected e-mail and Internet traffic. In the GoDaddy attack, the Liquid crypto exchange was the first to suffer.
The hosting provider gave the attacker control over the account and domain. The hacker changed the DNS records and took control over many internal e-mail accounts. Exchange CEO Mike Kayamori noted that the hacker partially managed to penetrate the platform system and access documents. However, no assets held by Liquid were stolen.
NiceHash, a crypto mining company, also suffered. They detected that some of their domain settings on the GoDaddy platform had been changed without authorization, thus redirecting email and internet traffic to the site for a short time. NiceHash froze all client funds for about 24 hours until the domain was verified and the problem was fixed.
NiceHash founder, Matjaz Skorjanc, said that the unauthorized changes were made from the GoDaddy website address. The scammers tried to use their access to the company's incoming emails to reset passwords in various third party services like Slack and Github.
Other victims of the attack are suspected to have been the crypto companies Bibox, Celsius and Wirex. A representative of the hosting provider admitted that the problem concerns a "small number" of domains. According to him, a small number of employees fell victim to phishing scams.