According to KrebsOnSecurity, the attacks started on or around November 13th on cryptocurrency trading platform liquid.com. Liquid CEO Mike Kayamori said that GoDaddy had wrongly passed ownership of the account and domain to a malicious individual.

Kayamori added that the move allowed a malicious actor to change DNS records and take control of a number of internal email accounts. In addition, a malicious attacker was able to partially infiltrate the liquid.com infrastructure and gain access to document storage.

The second victim was the NiceHash cryptocurrency mining service, which on November 18 found that some of the settings for its GoDaddy domain registration records had been updated without permission, briefly redirecting email and web traffic to the site.

NiceHash immediately froze all customers’ funds for 24 hours to prevent the attackers from transferring funds as well as to verify that they had restored their original domain settings. The company advised its clients to change their passwords and activate 2FA security.

Social engineering, where an attacker impersonates users to defraud administrators, has proven to be a popular tool for criminals looking to pilfer crypto riches.

[image: GoDaddy]