CEO Mike Kayamori expressed a deep embarrassment following the recent user data loss and confirmed a hack on Liquid on November 13. In defense of not notifying customers, they stated that they wanted to understand the situation and its possible impact.
According to a blog post, the hackers convinced the domain hosting provider that manages one of Liquid’s domain names to control the account and domain. The hacker can then change DNS records and control internal email accounts to view documents stored by the domain, including user data.
CEO Mike Kayamori claims Liquid can withstand the breach, and no cryptocurrency appears to have gotten stolen.
November 13, 2020, Liquid Security Incident Update
After Liquid mastered the attack, the exchange reasserted control of the Twitter domain and carried out a comprehensive review of its infrastructure. Furthermore, it added that there will be a conclusive report on user funds, keeping in mind their safety.
However, hackers leave behind sensitive user data, which can later be used to steal consumers’ assets and identities. The exchange continued to list new tokens within a week of the hack before users got warned.
Selling Liquid Data on Dark Networks
Hackers might have stolen names, addresses, emails, and encrypted passwords, or KYC data such as user identities. Liquid is still investigating this possibility to ensure a thorough look into the situation.
Data such as emails and passwords or matching identities have lucrative markets at significant prices on dark networks; that is if hackers do not exploit the information directly. An estimate of more than 15 billion entries from 100,000 illegal network breakthroughs found their way into black markets from both crypto sites and other domains.
Personal user data on crypto platforms or otherwise is precious. Hackers can target email owners through phishing scams to reveal their passwords or use personal information to steal user funds. Liquid advised users to change their password and login credentials in connection with the breach.
Data Breaches in the Crypto Space
Attacks on corporate network infrastructure use weak or reused passwords that register corporate domain names. By infiltrating and changing these network settings, attackers can invisibly control the network and gain access to accounts and email systems, which would be much more difficult via other attack routes.
Cryptocurrency startups and exchanges are targets of high-quality hackers because successful breaches can bring substantial financial benefits. In 2018, Nano lost $170 million, while Coinrail lost $ 40 million. Likewise, Bithumb also lost $ 30 million, while Binance and Coincheck lost $ 400 million after suffering hacks.
Founded in 2014, Liquid has facilitated trading in cryptocurrencies worth $ 50 billion last year. This factor puts it among significant exchanges in the market today.