Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach
The exchange said customer funds are safe.
Nov 18, 2020 at 10:13 a.m. UTCUpdated Aug 19, 2021 at 5:42 a.m. UTC
:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindeskuat/QPAUQLSXNJHG3BIGMXRQAFCFZ4.jpg)
Customers registered with the Liquid exchange may have had their data exposed to bad actors, the company said Wednesday.
- In a notice on its website, Liquid CEO Mike Kayamori said the attack occurred on Friday, Nov. 13.
- "A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," he said.
- The access allowed the intruders to change DNS records and then take control of "a number of internal email accounts."
- Ultimately, they were able to "partially compromise" the exchange's infrastructure and access stored documents.
- Kayamori said the attackers may have been able to obtain data such as users' emails, names, addresses and encrypted passwords.
- Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
- As soon as the intrusion was noticed, Liquid "intercepted and contained the attack," the CEO said.
- It also regained control of its domain and carried out a "comprehensive review of our infrastructure."
- "We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised," Kayamori said.
- He recommended users change their passwords and 2FA credentials, and be wary of possible phishing attempts to use their data.
STORY CONTINUES BELOW
13:18
Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
05:10
Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
04:07
The first video of the year 2024
40:07
The last regression video of the year 3.67.0
:format(webp)/downloads.coindesk.com/arc/failsafe/user/1x1.png)