Liquid, the 16th largest cryptocurrencycryptocurrency exchange by volume, today disclosed details about a hack that exposed its customers’ personal information, possibly including names, addresses and encrypted passwords.
Update on security incident from 13 November 2020.
Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for and remain safe and secure. https://t.co/ebbLd6eprB
In a blog post, Mike Kayamori, CEO of the cryptocurrency exchange Liquid, said that hackers on November 13 wrestled control over one of Liquid’s domain names (quoine.com, the site of Liquid’s Japanese parent company), after hacking into its domain name hosting provider.
This allowed the hacker to control company email addresses; now inside the systems, the hacker “was able to partially compromise our infrastructure, and gain access to document storage,” said Kayamori.
Nov 13th our https://t.co/hwniBQoyk5 domain was compromised via our DNS provider. We revoked all API tokens issued prior to today, which have no IP whitelist applied. If your API key was revoked, create a new API and request to whitelist your IP address: https://t.co/RiJfeEkoTF
Kayamori said that they “intercepted and contained the attack,” took further action to protect its customers, and informed the police.
He said that customers' funds are “accounted for, and remain safe and secure,” and that cold-storage crypto wallets weren’t compromised.
However, Kayamori believes that the hacker stole personal information about its customers. “This may include data such as your email, name, address and encrypted password,” he said.
Kayamori said the firm is unsure whether the hacker also accessed ID photos, selfies and proof of addresses used for identity checks. Liquid accepts credit card and bank statements as proof of addresses.
To his customers, Kayamori said, “It is also possible that you may experience an increase in spam email and phishing attempts. Phishing attempts may be more sophisticated and difficult to detect when a malicious actor has access to your personal information.”
Change your passwords, folks.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Another day, another crypto treasury. Biotech firm Windtree Therapeutics said Thursday that it plans to buy up to $700 million worth of BNB to put on its balance sheet—one day after the asset hit a new all-time high price.
The Warrington, Pennsylvania-based company, which trades on the Nasdaq under the ticker WINT, said that it is raising up to $520 million to fuel BNB purchases after previously announcing a plan to buy $200 million in the cryptocurrency. It also said it would partner with crypt...
A former digital assets executive at BlackRock, Joseph Chalom, has joined publicly traded Ethereum treasury company SharpLink Gaming as co-CEO, the firm announced on Friday.
Chalom, who helped launch BlackRock’s Bitcoin and Ethereum ETFs, led the financial giant’s strategy on digital assets as the managing director and head of strategic ecosystem partnerships.
“After 20 years at BlackRock and helping to lead its digital asset strategy, I’m beginning a new chapter: I’ve joined SharpLink Gaming a...
At Tron’s principal place of business in Winter Park, Florida, there are no apparent signs of Chinese crypto mogul Justin Sun or the $30 billion blockchain that he founded, such as placards, business cards, or even a sign.
Instead, the publicly traded Tron—formerly known as SRM Entertainment—keeps a low profile at Regus, a communal office space in the affluent Orlando suburb, where the firm specialized in designing theme park merchandise and stuffed goods under its previous name.
Two representat...