Liquid Exchange hack: cyber actors stole personal data

[Dave1]

Not sure if every one is aware that Liquid Exchange has been hacked:

What happened?

On the 13th of November 2020, a domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.

It's good that no amount of money is lost, however, the cyber actors where able to harvest "included real name, home address, emails, and encrypted passwords."

So for those who have an account in Liquid, and haven't change their password and emails, please do so.

And since the hackers have stolen the email addresses, expect a lot of phishing emails, similar to what happened to Ledger breach wherein in the last month alone, we have seen phishing emails and there are people who have fallen for it.

The most dangerous and scary part is the "5 dollar wrech attack", since the hackers were able to obtain the real and physical address of the users.

https://blog.liquid.com/security-incident-november-13-2020

[Upgrade00]

It's good that no amount of money is lost, however, the cyber actors where able to harvest "included real name, home address, emails, and encrypted passwords."

So for those who have an account in Liquid, and haven't change their password and emails, please do so.

They should equally change any other account they own using the same details. People sometimes tend to repeat passwords (or similar patterns) and use one main email address for important profiles, these could potentially expose them. The email address itself could get compromised if the password is related to the one used to generate it.

And since the hackers have stolen the email addresses, expect a lot of phishing emails, similar to what happened to Ledger breach wherein in the last month alone, we have seen phishing emails and there are people who have fallen for it.

If possible, affected users should quit using those email addresses, as even Liquid cannot verify the extent of the breach, and personalized phishing attempts would expose them to hacks.

[Slow death]

it has now become much more dangerous to save a lot of money in exchange compared to the past. this is because today exchanges have become very dishonest, they can no longer tell people everything that is happening.

if an exchange is targeted by hackers, it is unlikely that the exchange talks about the real value that was stolen

example:

Silence is not golden: OKEx still quiet as customers seek answers

until today they don't want to be sincere about what is happening, yesterday I saw this:

OKEx to resume withdrawals next week with promises of 100% reserves

in the case of this exchange, I doubt that the owners of the exchange are 100% honest with customers about the amount of stolen data and what really happened

[stompix]

It's good that no amount of money is lost, however, the cyber actors where able to harvest "included real name, home address, emails, and encrypted passwords."

And maybe...

We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded.

which is really serious. This whole KYC thing has gone out of hand, sooner or later everyone's id, selfie, and address alongside with all his information, mail, and accounts will be available on some darknet market place: buy the DarkPages for Alabama, 40$ for 100 000 entries, complete with selfies and shoe seizes.

The most dangerous and scary part is the "5 dollar wrech attack", since the hackers were able to obtain the real and physical address of the users.

While that is indeed a problem I don't think a bunch of robbers would start going through all that list and try picking victims that traded there, they have no clue of the balances, there is no way for them to know if the user has still bitcoins by the time they enter his house as he might have withdraw everything in fiat and all the money would be in his bank acount. Plus the whole thing is not a robbery anymore it's racketeering and it comes with a 20 yo sentence.
In my opinion, you should be more afraid of robbers if you have 100k Mercedes on your front lawn than 1000BTC in some exchange.

But still, one should try to avoid as much as he can sending all his info and pictures to some unknown company in a foreign country.

[Dave1]

Just a follow up to this supposedly hack, it was actually the an attack first on the hosting provider GoDaddy in which exchanges like Liquid, NiceHash, Bibox.com, Celsius.network, and Wirex.app.

The criminals used social engineering attack on GoDaddy's employees,

A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Mike Kayamori said in a blog post. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

In the early morning hours of Nov. 18 Central European Time (CET), cyptocurrency mining service NiceHash disccovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site. NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings.

So once they are successful with the attack, they were able to change DNS settings, of crypto related exchanges in short take control of including the data of their customers.

https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/

[hugeblack]

It is a shame that they do not encrypt personal data, try to keep it safer, or delete it when it is not needed. Stop using them
Since they did not mention the details of the hacked accounts and how privacy protection standards will be applied, this is a free license for them to sell the rest of the data on the black market and say that that data is part of the data that was leaked and sold by hackers..


anyway avoid all those Exchanges

[JeromeTash]

I have an account with them though luckily it was just the email address and maybe my names. I never carried out any KYC verification with them, so I guess I am lucky in that regard.
I recently tried logging into the exchange but got some error as though I never created any account with them, like did I know they had been hacked

[Baofeng]

I have an account with them though luckily it was just the email address and maybe my names. I never carried out any KYC verification with them, so I guess I am lucky in that regard.
I recently tried logging into the exchange but got some error as though I never created any account with them, like did I know they had been hacked

Yes, it didn't make a lot of noise in crypto world about this hack. Maybe because no one losses money, but still as the investigations continue to roll, it seems it started from the domain registrar attack and that's why these criminal was able to get over. Good thing though that Liquid and other exchanges saw what's going on, responded so no money lost except the data of their customers. But still it is still very dangerous losing this kind of data to this hackers because they use it to whatever purpose like selling it in the dark market or used this data to perform social engineering attacks in the future.

[posi]

Not sure if every one is aware that Liquid Exchange has been hacked:

The crypto community is not aware of the exchange in the subject hacking issue because the exchange is among the site that make  KYC their top priority and there KYC process is a painful experience.
With the document storage been break by the attacker, alot of people will be scam by the hacker because the exchange KYC requirement will expose alot of their users

[Greatdev]

I have account with liquid exchange but I never went through any KYC verifications, I've stop going through KYC since I've noticed they aren't safe with exchanges either, data information are costly more than we thought, those information can be sold for different reasons, this is why I like binance because KYC isn't a must and you will still be able to withdraw funds