According to a blog post, the hacker convinced a domain hosting provider that manages one of Liquid’s domain names to give them control of the account and domain.
The hacker was then able to change DNS records and take control of internal email accounts, which allowed them to view stored documents, including user data.
CEO Mike Kayamori asserts that Liquid was able to contain the breach, and no cryptocurrencies appear to have been stolen.
Update on security incident from 13 November 2020.
Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for and remain safe and secure. https://t.co/ebbLd6eprB
— Liquid Global Official (@Liquid_Global) November 18, 2020
However, the hacker made off with sensitive user data that could later be used to steal user assets and identities.
The exchange continued to list new tokens in the week following the hack before alerting users.
Selling Liquid Data on The Dark Web
The hacker likely stole names, addresses, emails, and encrypted passwords. It’s possible that KYC data such as ID and address documents were stolen too. Liquid is investigating this possibility.
Data such as emails and corresponding passwords or identities can be sold for hefty sums on the dark web if not used by the hacker directly. It’s estimated that over 15 billion logins from 100,000 breaches have been put up for sale on the dark web, from both crypto sites and other domains.
Login details for crypto exchanges are particularly valuable.
Hackers can target the owners of the stolen email addresses with phishing scams to get them to reveal their passwords, or use personal data to try to steal user funds. Liquid users are advised to change their passwords and login details in light of the breach.