Hackers tricked GoDaddy into helping attacks on cryptocurrency services

GoDaddy offices
Image Credit: GoDaddy

Security researchers have discovered that web hosting giant and the world's largest domain name registrar GoDaddy inadvertently helped attackers to take down a number of cryptocurrency sites. 

According to KrebsOnSecurity, malicious actors managed to trick a limited number of GoDaddy employees into handing over control or ownership of web domains belonging to several cryptocurrency sites by using a social engineering scam.

One of the victims, cryptocurrency trading platform liquid.com, noted that the attackers acquired the ability to change DNS records and, as a result, gain control of a number of internal email accounts. Internal document storage was also compromised. Cryptocurrency mining service NiceHash is another platform to have confirmed an attack.

Apart from those two firms, domain alteration records suggest that Bibox, Celsius and Wirex may also have been targeted, but none of those platforms have confirmed or denied the reports. In response to the attacks, GoDaddy said that it reverted any changes, locked down the affected accounts and immediately began worked on restoring access for any disrupted customers.

Go vish

The latest incident will provide further disappointment at GoDaddy, which has experienced a bad year in terms of security problems. Back in May 2020, for example, the company disclosed that 28,000 of its customers’ web hosting accounts had been compromised. And in March 2020, the company was the victim of a voice phishing, or vishing, campaign that put key customer records at risk.

It is not clear how GoDaddy employees were tricked this time round, but vishing campaigns can prove surprisingly effective, particularly when attackers adopt the role of IT personnel attempting to fix technical problems.

In addition, the coronavirus pandemic has made it more difficult for companies to safeguard against phishing attacks, with more members of staff working remotely. This makes it more difficult to verify information requests – something that attackers have been quick to pounce upon.

Via Engadget

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.