As the headline suggests, GoDaddy employees were tricked into helping hackers carry out a cryptocurrency exchange scam.
This was only possible through social engineering (“vishing”, to be specific).
As a result, the domain registrar temporarily lost control of the service sites Liquid and NiceHash to a fraudster.
Do you wonder how such a big company could leave the gates open?
Let’s see what happened.
GoDaddy Staff and The Cryptocurrency Exchange Scam
First and foremost, it’s important to explain what vishing is. In short, it’s a scam where criminals fool victims into sharing personal credentials over the phone.
In this case, both sites, as well as GoDaddy, were affected by it.
GoDaddy confirmed that this scam led to “a few” customers’ domain names being “modified” in November. Fraudsters redirected the email and web traffic of cryptocurrency exchange sites.
Of course, Liquid.com and the NiceHash trading posts were impacted.
It’s even suspected that other exchange sites were also hit.
It was Mike Kayamori (Liquid’s CEO) who announced the breach on Nov. 18:
“On the 13th of November 2020, a domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor.
This gave the actor the ability to change DNS records and in turn, take control of several internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
They were able to regain control of Liquid’s domain and confirmed that clients’ funds were safe. Liquid.com contained the attack after its discovery. The only downside: attackers may have accessed user emails, addresses, and encrypted passwords.
Their statement was: “We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie, and proof of address, and will provide an update once the investigation has concluded.”
Similarly, NiceHash announced that during the early hours of Nov. 18 its site went down because “domain registrar GoDaddy had technical issues and as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed.”
NiceHash, on the other hand, seemed to be more fortunate: no customer data was compromised. This might be due to its quick response in freezing wallet activity. Withdrawals were suspended for 24 hours and an internal audit took place.
Everything has worked normally since then.
NiceHash also blamed GoDaddy for the “technical issues that resulted in unauthorized access to domain settings, including DNS records for nicehash.com.”
Its founder, Matjaz Skorjanc, added that attackers tried to force password resets on 3rd-party platforms, but they didn’t let that happen.
After all the drama, a GoDaddy spokesperson defended their position by saying they “immediately locked down the accounts involved in the incident and reverted changes that took place to accounts, assisting customers to regain account’s access.”
The same person added: “As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them.”
Neither Liquid nor NiceHash has commented further.
Maybe not many remember it, but GoDaddy reported a similar security breach in May of this year, where “someone” accessed the firm’s hosting infrastructure without permission.
At that time as well, they said there was no evidence of impacted customers, but yearly security add-ons would be gifted for free… to anyone?
Look, I know this worries you. To be honest, everyone is susceptible to social engineering – even the most technically skilled tech companies.
That being said, combating social engineering attacks comes down to how we train organizations, at all levels, about the problem.
We don’t know about everything. But fortunately for you and your business, we know a lot about cybersecurity. And believe me when I tell you that if this can happen to companies such as GoDaddy… Then it can happen to yours, as well.
Please, let me know in the comments if you were affected by it – or if you want to change your situation now.