GoDaddy hacked by cryptocurrency hackers – Wirex, Celsius and NiceHash targeted

Watch out for your cryptos ! – GoDaddy is one of the largest web hosts and domain name managers. This year, she was the victim of a series of hacks, the most recent of which involved several companies in the cryptocurrency industry.

Hijacked crypto project websites

According to a recent report from cyber security research platform KrebsOnSecurity , hackers attempted to attack several crypto platforms hosted by GoDaddy in mid-November.

The Liquid.com exchange is one of the targets of hackers. According to Mike Kayamori , CEO of Liquid, on November 13:

“The domain hosting provider ‚GoDaddy‘, which manages one of our main domain names, mistakenly transferred control of the account and the domain to a malicious actor (…). This allowed the actor to modify the DNS records and, in turn, to take control of a number of internal email accounts (…) the malicious actor was able to partially compromise our infrastructure and gain access to storage of documents. “

The Bitcoin Trader review site , which specializes in leasing computing power for cryptocurrency mining, also reported similar issues on November 18. Some settings of his domain names at GoDaddy had been „changed without authorization“ , briefly redirecting email and web traffic.

For security, NiceHash then froze all client funds for approximately 24 hours .

Compromised GoDaddy employee accounts

According to KrebsOnSecurity’s research, other cryptoasset-related project sites may have been targeted, including Bibox.com , Celsius.network , and Wirex .

According to the first information provided by GoDaddy on the incident, some of its employees have been victims of a social engineering scam , such as voice phishing ( voice phishing , via the phone).

“As malicious actors become more sophisticated and aggressive in their attacks, we are constantly training our employees on new tactics that could be used against them and adopting new security measures to prevent future attacks. “

Dan Race, spokesman for GoDaddy

The hackers would thus have succeeded in recovering the credentials of GoDaddy employees, by fooling them on the phone so that they enter their data on a fake site .

Other than Liquid and NiceHash, the other crypto companies have not reported how much GoDaddy’s failures may have affected them (if it has).

In the crypto-asset sector, vigilance should always be required. For a user of these services, activating two-factor authentication (2FA) can already constitute an additional security barrier.