KrebsOnSecurity, a security research platform, reported that cybercriminals have attacked many cryptocurrency platforms hosted by GoDaddy over the past week. The attackers redirected email and web traffic.
According to the report, the hackers tricked GoDaddy employees into briefly transferring control and ownership of domains related to cryptocurrency platforms. Crypto exchange Liquid reported such an incident last week in a blog post, stating that GoDaddy incorrectly transferred control of one of the company's core domains to a malicious actor.
“On the 13th of November 2020, a domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts,” Mike Kayamori, CEO at Liquid, said in a statement.
Due to the incident, the attacker gained access to the exchange's document storage. Following the attack, Kayamori asked all customers to change their passwords.
The report mentioned crypto-mining service NiceHash as the second victim. The company announced on 18 November that GoDaddy gave unauthorized access to its domain settings and, as a result, the DNS record of its domain nicehash.com was changed. The mining service immediately froze all wallet activity for 24 hours and announced that it would resume withdrawals after the completion of the internal audit.
Social Engineering Scam
In recent years, attackers have been targeting IT companies through social engineering scams to defraud administrators. According to KrebsOnSecurity, GoDaddy acknowledged that some of its employees fell for a social engineering scam. “GoDaddy acknowledged that ‘a small number’ of customer domain names had been modified after a ‘limited’ number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov. 17 was not related to a security incident, but rather a technical issue that materialized during planned network maintenance,” the report states.