Liquid Exchange Confirms Security Breach

Wednesday, 18/11/2020 | 11:59 GMT by Bilal Jafar
  • The Japanese crypto exchange said that its user data got exposed in a recent security incident.
Liquid Exchange Confirms Security Breach
Bloomberg

Cryptocurrency Exchange , Liquid confirmed today that a security breach happened on 13 November and as a result, a malicious actor was able to obtain sensitive information from the company’s database. The data may include the name, email and encrypted passwords of the users.

In an official announcement, Mike Kayamori, CEO of Liquid, addressed the customers and informed them about the nature of the attack. Kayamori outlined that there is an increased risk of identity theft and users may experience spam emails and phishing attempts.

While mentioning the details about the recent breach, Kayamori said: “A domain name Hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

Immediate Actions

The exchange took immediate actions to prevent a further breach and performed a review of the infrastructure to better understand the situation. Liquid also confirmed that client funds are safe and secure. The investigation regarding the attack is still going on and the company is unsure if the hacker was able to access KYC documents of the clients including ID and proof of address.

“We have informed relevant regulatory bodies of the breach, and we will continue dialogue with them over the coming days. We will continue to review our infrastructure and take steps to bolster security with our technology partners. We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience,” Kayamori added.

The Japanese digital exchange partnered with crypto trading bot provider, Hummingbot earlier this year to facilitate its clients using bots for arbitrage and market-making.

Cryptocurrency Exchange , Liquid confirmed today that a security breach happened on 13 November and as a result, a malicious actor was able to obtain sensitive information from the company’s database. The data may include the name, email and encrypted passwords of the users.

In an official announcement, Mike Kayamori, CEO of Liquid, addressed the customers and informed them about the nature of the attack. Kayamori outlined that there is an increased risk of identity theft and users may experience spam emails and phishing attempts.

While mentioning the details about the recent breach, Kayamori said: “A domain name Hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

Immediate Actions

The exchange took immediate actions to prevent a further breach and performed a review of the infrastructure to better understand the situation. Liquid also confirmed that client funds are safe and secure. The investigation regarding the attack is still going on and the company is unsure if the hacker was able to access KYC documents of the clients including ID and proof of address.

“We have informed relevant regulatory bodies of the breach, and we will continue dialogue with them over the coming days. We will continue to review our infrastructure and take steps to bolster security with our technology partners. We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience,” Kayamori added.

The Japanese digital exchange partnered with crypto trading bot provider, Hummingbot earlier this year to facilitate its clients using bots for arbitrage and market-making.

About the Author: Bilal Jafar
Bilal Jafar
  • 2440 Articles
  • 87 Followers
About the Author: Bilal Jafar
Bilal Jafar holds an MBA in Finance. In a professional career of more than 8 years, Jafar covered the evolution of FX, Cryptocurrencies, and Fintech. He started his career as a financial markets analyst and worked in different positions in the global media sector. Jafar writes about diverse topics within FX, Crypto, and the financial technology market.
  • 2440 Articles
  • 87 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}