The attackers used social engineering to defraud the GoDaddy staff.
Yesterday, security researcher KrebsOnSecurity reported that several cryptocurrency platforms hosted by popular hosting provider Godaddy have been attacked over the past week.
According to KrebsOnSecurity, the attacks began on or around November 13th on cryptocurrency trading platform liquid.com.
Liquid CEO Mike Kayamori said GoDaddy incorrectly transferred control of the account and domain to a malicious actor.
Kayamori added that the move allowed a malicious actor to change DNS records and thus, take control of a number of internal email accounts. Additionally, a malicious actor was able to partially penetrate the liquid.com infrastructure and gain access to document storage.
The second victim was cryptocurrency mining service NiceHash, which on November 18 discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site.
NiceHash immediately froze all customers’ funds for 24 hours to prevent the attackers from transferring funds as well as to verify that they had restored their original domain settings. The company advised its clients to change their passwords and activate 2FA security.
Social engineering, where an attacker impersonates users to defraud administrators, has proven to be a popular tool for criminals looking to pilfer crypto riches. As Cointelegraph has previously reported, a Twitter hack where attackers gained control of top user handles such as Barack Obama and solicited Bitcoin, was also executed with social engineering.