Customers registered with the Liquid exchange may have had their data exposed to bad actors, the company said Wednesday.
- In a notice on its website, Liquid CEO Mike Kayamori said the attack occurred on Friday, Nov. 13.
- "A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor," he said.
- The access allowed the intruders to change DNS records and then take control of "a number of internal email accounts."
- Ultimately, they were able to "partially compromise" the exchange's infrastructure and access stored documents.
- Kayamori said the attackers may have been able to obtain data such as users' emails, names, addresses and encrypted passwords.
- Liquid is currently investigating whether the attacker also accessed identity documents and photos submitted for know-your-customer verification.
- As soon as the intrusion was noticed, Liquid "intercepted and contained the attack," the CEO said.
- It also regained control of its domain and carried out a "comprehensive review of our infrastructure."
- "We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised," Kayamori said.
- He recommended users change their passwords and 2FA credentials, and be wary of possible phishing attempts to use their data.