Cryptocurrency exchange, Liquid confirmed today that a security breach happened on 13 November and as a result, a malicious actor was able to obtain sensitive information from the company’s database. The data may include the name, email and encrypted passwords of the users.

In an official announcement, Mike Kayamori, CEO of Liquid, addressed the customers and informed them about the nature of the attack. Kayamori outlined that there is an increased risk of identity theft and users may experience spam emails and phishing attempts.

While mentioning the details about the recent breach, Kayamori said: “A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

Immediate Actions

The exchange took immediate actions to prevent a further breach and performed a review of the infrastructure to better understand the situation. Liquid also confirmed that client funds are safe and secure. The investigation regarding the attack is still going on and the company is unsure if the hacker was able to access KYC documents of the clients including ID and proof of address.

“We have informed relevant regulatory bodies of the breach, and we will continue dialogue with them over the coming days. We will continue to review our infrastructure and take steps to bolster security with our technology partners. We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience,” Kayamori added.

The Japanese digital exchange partnered with crypto trading bot provider, Hummingbot earlier this year to facilitate its clients using bots for arbitrage and market-making.