Hackers Attack GoDaddy-Based Cryptocurrency Services Using 'Social Engineering'

Cybercriminals targeted cryptocurrency platforms hosted on GoDaddy earlier this month, according to security research firm KrebsOnSecurity.

In a blog post, KrebsOnSecurity revealed that hackers managed to take over the account and domain of cryptocurrency exchange Liquid.com. This was also confirmed by the exchange’s CEO, Mike Kayamori, who disclosed that the attack happened on Nov. 13.

According to Kayamori, GoDaddy incorrectly transferred control of both the account and domain to a malicious actor. With this, the criminal had the ability to change DNS records and take control of internal email accounts. At some point, the cybercriminal was also able to access document storage, the CEO said.

KrebsOnSecurity also said NiceHash, a cryptocurrency mining service, was among those who were attacked. NiceHash immediately froze all customer funds after its domain registration records were maliciously changed on GoDaddy.

“We detected this almost immediately and started to mitigate the attack,” said Matjaz Skorjanc, NiceHash’s founder. “We fought them off and they did not gain access to any important service. Nothing was stolen.”

The security research firm said the attack was done through social engineering, wherein employees of GoDaddy were tricked by the criminal into making the malicious changes.

GoDaddy, for its part, has acknowledged that a “limited” number of its employees fell victim to a social engineering scam. In a statement, the hosting provider said it immediately locked down the accounts involved, reverted any changes and assisted all its affected customers in regaining account access.

“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks,” GoDaddy spokesperson Dan Race told KrebsOnSecurity.

GoDaddy, however, did not specify how its employees were tricked.

Social engineering has become a popular tool for criminals looking for cryptocurrency, according to Cointelegraph.

In July, cybercriminals tricked Twitter employees, resulting in them obtaining access to accounts of high profile individuals including that of former President Barack Obama, then-Democratic presidential candidate Joe Biden, Tesla founder Elon Musk and cryptocurrency personalities like Changpeng "CZ" Zhao of Binance. All compromised accounts sent out links after their Twitter accounts were compromised.