Emails, real names, and even the passwords of Liquid exchange users could have been compromised in a security breach. This is suggested by a press release from Mike Kayamori, CEO of the exchange, who confirmed that the company suffered a security breach last week that affected the entire service.
The event occurred on November 13 of this year, but the company claims that it decided to reveal the details of the attack this week in order to confirm how much information was exposed. Although they believe it likely that the malicious actor has access to their users’ emails, as well as their names and addresses, they still they have not been able to ascertain whether identity or residence documents were also exposed.
If this information is true, Liquid management fears that its users could become an easy target for email phishing attacks, a form of fraud that seeks to obtain sensitive financial information from potential victims by means of deception. Likewise, the statement warns of the risks of identity theft to which Liquid users would also be exposed with this security error.
Despite dire consequences to Liquid’s customer privacy, the exchange confirmed that user funds are safe. “Client funds are accounted for and remain safe and secure,” the press release noted. The cold purses of the exchange house were not compromised either.
A domain of the Liquid exchange hijacked
The breach was created after one of the Internet domain providers – web addresses – that Liquid uses mistakenly transferred one of the exchange’s domains to a malicious third party. This person took advantage of the mistake to change Liquid’s DNS records, taking control of several internal email accounts and compromising the entire infrastructure of the exchange.
Due to the extent of the attack, Liquid executives believe that the malicious actor had access to private company documents, where would also be the sensitive data of the users. The attack was quickly detected and intercepted, according to the directive, and they have taken urgent measures to strengthen the platform’s security system.
In addition to all the above, the CEO of the company, Kayamori, affirmed that they have informed the regulatory authorities about the event. The comment seems to suggest that the exchange will seek legal solutions to this event, a method that exchange houses have begun to use to deal with robberies at the hands of hackers. As CriptoNoticias reported when the KuCoin platform was hacked, who has left their case – which amounts to $ 200 million in losses – to the law.