GoDaddy’s Crypto Clients Suffer Security Breach After Social Engineering Operation

Major domain name and web hosting site GoDaddy has become the latest tech firm to fall victim to a social engineering attack. Several crypto services hosted on the platform have seen security breaches, per a KrebsOnSecurity report.

Another Problem for GoDaddy

The spate of attacks began with cryptocurrency trading platform Liquid on November 13. In a separate blog post, Liquid’s chief executive Mike Kayamori accused the hosting platform of transferring domain account access to a malicious actor.

The hackers changed the DNS records and gained control of the internet domain account. Hackers were also able to access Liquid’s infrastructure and document storage.

Besides Liquid, crypto mining service NiceHash also suffered an incursion on GoDaddy. The attack happened a few days after Liquid’s account was compromised. NiceHash revealed that its domain registration records had been edited without its permission on the web host. The mining service immediately froze customer funds for 24 hours to prevent unauthorized transactions and rectify the problem.

It’s unclear how much Liquid lost to the hackers, but NiceHash confirmed that no funds went missing. However, the fact that these attacks happened is cause for concern on its own.

As KrebsOnSecurity noted, this isn’t the first time that GoDaddy has had security problems this year. In May, the news source reported that the hosting platform had suffered a security breach that left the accounts of 28,000 of its employees compromised.

The issue stemmed from a security breach that occurred in October 2019. However, GoDaddy didn’t notice it until April 2020. In a filing with California’s Attorney General’s Office, the hosting platform noted that the breach was limited to hosting accounts.

Personal information and customer accounts weren’t affected, although the company reset usernames and passwords for some of its customers.

Unlike this hack, it’s unclear how the attackers breached the company’s security systems. GoDaddy gave no additional details, leaving experts to keep guessing. KrebsOnSecurity noted that it appeared to have been a brute force attack on the company’s security infrastructure.

“On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred. We are providing you one year of Website Security Deluxe and Express Malware Removal at no cost. These services run scans on your website to identify and alert you of any potential security vulnerabilities.” 

Twitter’s Social Engineering Snafu

The difference between the previous incident and this one appears to be the method of gaining access. Brute force attacks are usually easy to spot, but social engineering operations are much more subtle.

A similar case gripped top social media network Twitter this July. In a massive scandal, the Twitter accounts of several notable names – including Barack Obama and Elon Musk – were infiltrated.

Hackers promoted fake giveaways, asking unsuspecting victims to send BTC tokens to their addresses in exchange for possible winnings.

The hackers eventually only walked away with about $100,000 in gains, since Twitter found out soon enough and rectified the problem. A few days later, the social media platform confirmed that the attackers had conducted a coordinated social engineering attack on employees and gained access to internal systems and tools. The firm promised improved staff training and security measures going forward.