In brief

  • Crypto exchange Liquid was hacked last Friday.
  • Funds are safe, says the company.
  • But the hacker stole personal information about Liquid's customers.

Liquid, the 16th largest cryptocurrency exchange by volume, today disclosed details about a hack that exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.

In a blog post, Mike Kayamori, CEO of the cryptocurrency exchange Liquid, said that hackers on November 13 wrestled control over one of Liquid’s domain names (quoine.com, the site of Liquid’s Japanese parent company), after hacking into its domain name hosting provider. 

This allowed the hacker to control company email addresses; now inside the systems, the hacker “was able to partially compromise our infrastructure, and gain access to document storage,” said Kayamori.

Kayamori said that they “intercepted and contained the attack,” took further action to protect its customers, and informed the police. 

He said that customers' funds are “accounted for, and remain safe and secure,” and that cold-storage crypto wallets weren’t compromised. 

However, Kayamori believes that the hacker stole personal information about its customers. “This may include data such as your email, name, address and encrypted password,” he said. 

Kayamori said the firm is unsure whether the hacker also accessed ID photos, selfies and proof of addresses used for identity checks. Liquid accepts credit card and bank statements as proof of addresses.

To his customers, Kayamori said, “It is also possible that you may experience an increase in spam email and phishing attempts. Phishing attempts may be more sophisticated and difficult to detect when a malicious actor has access to your personal information.” 

Change your passwords, folks.