Crypto Hackers Target GoDaddy Employees

Monday, 23/11/2020 | 06:34 GMT by Bilal Jafar
  • The fraudsters tricked employees of the hosting service provider to gain control over crypto domains.
Crypto Hackers Target GoDaddy Employees
FM

KrebsOnSecurity, a security research platform, reported that cybercriminals have attacked many cryptocurrency platforms hosted by GoDaddy over the past week. The attackers redirected email and web traffic.

According to the report, the hackers tricked GoDaddy employees to briefly transfer the control and ownership of domains related to cryptocurrency platforms. Crypto exchange liquid reported such an incident last week in a blog post mentioning that GoDaddy incorrectly transferred control of one of the core domains of the company to a malicious actor.

“On the 13th of November 2020, a domain Hosting provider 'GoDaddy' that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts,” Mike Kayamori, CEO at Liquid, said in a statement.

Due to the incident, the attacker gained access to document storage of exchange. Following the attack, Kayamori asked all customers to change their passwords.

The report mentioned Crypto Mining service NiceHash as the second victim. The company announced on 18 November that GoDaddy gave unauthorized access to its domain setting and as a result, the DNS record of its domain nicehash.com was changed. The mining service immediately froze all wallet activity for 24 hours and announced to resume withdrawals after the completion of the internal audit.

Social Engineering Scam

In recent years, attackers are targeting IT companies through social engineering scams to defraud administrators. According to KrebsOnSecurity, GoDaddy accepted that some of its employees fell for a social engineering scam. “GoDaddy acknowledged that 'a small number' of customer domain names had been modified after a 'limited' number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov. 17 was not related to a security incident, but rather a technical issue that materialized during planned network maintenance,” the report states.

KrebsOnSecurity, a security research platform, reported that cybercriminals have attacked many cryptocurrency platforms hosted by GoDaddy over the past week. The attackers redirected email and web traffic.

According to the report, the hackers tricked GoDaddy employees to briefly transfer the control and ownership of domains related to cryptocurrency platforms. Crypto exchange liquid reported such an incident last week in a blog post mentioning that GoDaddy incorrectly transferred control of one of the core domains of the company to a malicious actor.

“On the 13th of November 2020, a domain Hosting provider 'GoDaddy' that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts,” Mike Kayamori, CEO at Liquid, said in a statement.

Due to the incident, the attacker gained access to document storage of exchange. Following the attack, Kayamori asked all customers to change their passwords.

The report mentioned Crypto Mining service NiceHash as the second victim. The company announced on 18 November that GoDaddy gave unauthorized access to its domain setting and as a result, the DNS record of its domain nicehash.com was changed. The mining service immediately froze all wallet activity for 24 hours and announced to resume withdrawals after the completion of the internal audit.

Social Engineering Scam

In recent years, attackers are targeting IT companies through social engineering scams to defraud administrators. According to KrebsOnSecurity, GoDaddy accepted that some of its employees fell for a social engineering scam. “GoDaddy acknowledged that 'a small number' of customer domain names had been modified after a 'limited' number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov. 17 was not related to a security incident, but rather a technical issue that materialized during planned network maintenance,” the report states.

About the Author: Bilal Jafar
Bilal Jafar
  • 2440 Articles
  • 87 Followers
About the Author: Bilal Jafar
Bilal Jafar holds an MBA in Finance. In a professional career of more than 8 years, Jafar covered the evolution of FX, Cryptocurrencies, and Fintech. He started his career as a financial markets analyst and worked in different positions in the global media sector. Jafar writes about diverse topics within FX, Crypto, and the financial technology market.
  • 2440 Articles
  • 87 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}