GoDaddy staff allegedly manipulated to let attackers access cryptocurrency platforms


Hackers allegedly manipulated employees at GoDaddy, the largest web domain registrar, into handing over control of various websites to cybercriminals.

Cryptocurrency trading platforms, including Liquid and NiceHash, said that GoDaddy incorrectly turned over control of their domains to malicious actors this month.

Liquid CEO Mike Kayamori wrote on the company’s blog that the access GoDaddy gave a bad actor the ability to change domain name service records, control internal email accounts, gained access to document storage, and “partially compromise” the company’s infrastructure.

“After detecting the intruder, we intercepted and contained the attack. Immediate action was taken to prevent further intrusions and to mitigate risk to customer accounts and assets,” Mr. Kayamori wrote on the company’s blog. “Before notifying customers we wanted to be sure that we understood the situation and its possible impact to you. Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure.”

NiceHash froze all wallet activity on its platform for 24 hours after it discovered the problem and then resumed service with the exception of withdrawals, which it said would resume after an internal audit.

“At this moment in time, it looks like no emails, passwords, or any personal data were accessed but we do suggest resetting your password and activate [two-factor authentication] security,” NiceHash said on its website.

GoDaddy did not immediately respond to request for comment on the problems at the cryptocurrency platforms that the platforms attributed to GoDaddy. The company has said it has assisted affected customers and is working to educate its employees about tactics that could be used against them, according to reports.

Cybercrime reporter Brian Krebs wrote last week wrote that the cyberattackers may have manipulated GoDaddy employees via persuading them to use their credentials to log in to a fraudulent GoDaddy webpage.

Precisely how many GoDaddy domain names were affected by the cyberintrusion is unclear.

Sign up for Daily Newsletters

View original


Please enter your comment!
Please enter your name here