Scammers attack GoDaddy-hosted Cryptocurrency Platforms

Several cryptocurrency platforms hosted by GoDaddy have suffered attacks led by fraudsters throughout this week — by phishing scams aimed at GoDaddy’s employees.

The first attack started on November 13 when Liquid — a cryptocurrency trading platform — stated in a blog post about a security incident and data breach. According to a report from KrebsOnSecurity, the fraudsters tricked the employees into transferring control over several cryptocurrency domains to them.

Exclusive: Fraudsters changed the email and DNS records for a number of cryptocurrency trading platforms this week, after successfully social engineering employees at GoDaddy, the world's largest domain name registrar. https://t.co/LYCdowb71Q pic.twitter.com/vlbSPsxPwI

— briankrebs (@briankrebs) November 21, 2020

Mike Kayamori, CEO of Liquid, stated that GoDaddy incorrectly transferred account control to a malicious actor:

“On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor.”

Advertisement

Stated Kayamori in a blog post.

Kayamori added that the scammers changed the DNS records and took control of several internal email accounts — compromising Liquid’s infrastructure by gaining access to data storage.

NiceHash Under Attack

NiceHash, a cryptocurrency mining service, was the second GoDaddy-based platform that went under attack. The platform reported on November 18 that the settings for its registration records were changed without previous authorization.

The same thing with Liquid — the scammer changed the DNS records. Immediately, NiceHash froze its customer’s funds for 24 hours. Later, the service stated that their records were changed back to their previous settings and remained safe.

“At this moment in time, it looks like no emails, passwords, or any personal data was accessed but we do suggest resetting your password and activate 2FA security”.

stated NiceHash on their site.

Phishing is a type of online scam. The scammers impersonate legitimate organizations via email, text message, advertisement, to other companies, institutions, and people in general — in order to steal important information that could lead to the withdrawal of millions of dollars or any type of damages.

This phishing attack is not the first one to put GoDaddy in the spotlight:

• In March, a phish hooked a customer service employee from GoDaddy, — compromising the brokering platform Escrow.com, among other sites. The scammer did the same thing — he changed the DNS records, and left a malicious message on the homepage that remained for about five hours.

• According to Security Boulevard, GoDaddy suffered in October 2019 a data breach that affected 28,000 of its customers’ web hosting accounts — but GoDaddy didn’t know about the security incident until May of this year.

According to KrebsOnSecurity, other crypto platforms were possibly targeted by the same group of scammers. Platforms like Bibox, Celsius Network, and Wirex might have been victims of social engineering and phishing scams. But there are no official statements from these companies.