Liquid, one of the top 20 cryptocurrency exchanges, has reported that its servers and database were victims of a recent security breach. According to its blog post, it was discovered that a hacker had successfully breached its security layers via employee email accounts.
Liquid reassured its customers and shareholders that it had contained the attack almost immediately after it detected the intruder and that no funds were stolen from anybody’s digital wallets. However, it is believed that the hacker was still able to make off with a wealth of customers’ personal details, including real names, home address, emails, and encrypted passwords.
Liquid, one of today's Top 20 crypto-exchanges, has disclosed a security breach today
-hacker social-engineered DNS provider
-hijacked Liquid's DNS records
-collected employee email passwords
-pivoted to internal network
-collected user detailshttps://t.co/01bS1oMBtM pic.twitter.com/Qx7on3PQN1
— Catalin Cimpanu (@campuscodi) November 18, 2020
To that end, Liquid says that it is still in the midst of finding out if the hacker was able to steal its customers’ proofs-of-identity date, a prerequisite security layer users are required to provide when making a transaction for the first time. In the meantime, the exchange recommends that all its customers change their passwords and two-factor authentication (2FA) as soon as possible.
Liquid isn’t the first cryptocurrency exchange to fall victim to hackers. In June this year, a hacker collective hijacked another exchange, Coincheck, and redirected users to fake login pages in order to collect passwords to over 200 accounts. In 2018, the South Korean exchange, Bithumb, was ransacked, with the hackers making off with close to RM129 million in cryptocurrency.