Officials at the crypto-currency exchange Liquid released a blog stating they were a victim of a cyber-attack. The company stated that on Friday, November 13th, 2020 a hacker managed to compromise an employee email account. After the compromise, the attacker was able to pivot to the internal network of the company. Liquid stated that they detected the attack before any funds were able to be stolen, but the attacker still managed to steal some information. This information included names, home addresses, emails, and encrypted passwords of customers. The company believes that the attack used access to the company’s DNS records to redirect employees to fake login pages that captured the username (email) and password that was entered by the employees.
Analyst Notes
DNS hijacking continues to be a major form of attack for crypto-currency exchanges. These social engineering attacks continue to be profitable for attackers that target exchanges. Luckily for Liquid, they managed to detect the attack before any money could be stolen. Users of this crypto exchange should still be wary of attacks targeting them because their email and encrypted passwords were stolen. 2-Factor-Authentication (2FA) should also be enabled for all users to prevent unauthorized logins to their accounts. Utilizing third-party applications for 2FA is important because SMS messaging 2FA can easily be compromised. Like liquid had, utilizing monitoring such as Binary Defense’s Managed Detection and Response is a great way to detect attacks before they cause too much damage.
More can be read here: https://www.zdnet.com/article/liquid-crypto-exchange-says-hacker-accessed-internal-network-stole-user-data/
