Home > News > Godaddy employees targeted and used for attacking crypto-services

Godaddy employees targeted and used for attacking crypto-services

Several crypto exchanges with a GoDaddy domain reported unauthorised changes

The world’s largest domain name registrar, GoDaddy, is scrambling to protect its employees after the company found that they were being targeted and used as part of attacks across several crypto services.

Reports indicate that the perpetrators, who have not yet been identified, redirected email and web traffic that was originally destined for several cryptocurrency trading platforms in the past week. The latest incident related to this included an attack on Liquid.com, a cryptocurrency trading platform, on 13 November.

The Chief Executive Officer, Mike Kayamori, claimed in a security incident report that “a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor”.

After this incident was noted, a crypto mining firm named NiceHash also found that a few of its settings for its domain registration records at GoDaddy had been changed without authorisation. This meant that for a brief period of time, it was redirecting email and web traffic for the site.

“In the early morning (UTC) hours of 18 November 2020, the NiceHash domain was not reachable. The domain registrar GoDaddy had technical issues and as a result of unauthorised access to the domain settings, the DNS records for the NiceHash.com domain were changed”, the company explained to its users in a blog post.

While nothing was stolen, the unauthorised charges had been made from an Internet address that was registered at GoDaddy. The attackers were also allegedly trying to finish password resets on several third-party services, including Slack and Github.

This is not the first time that GoDaddy has struggled with security breaches. Earlier this year, the company struggled with a phishing scam that allowed the attackers to seize control of over half a dozen domain names in March, and 28,000 web hosting accounts were compromised in May.

Research conducted by Farsight Security indicated that several other crypto platforms such as Bibox, Celsius Network and Wirex may have also been targeted by the same group

A spokesperson from GoDaddy regarding the issue stated that the company’s security team “investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.

However, the spokesperson did not specify the means to which the employees were lured into making the unauthorised changes, explaining that the matter is still under investigation.

Tags:
USA

Sign up to our exclusive newsletter today!

Tailored emails

No SPAM ever!

Alt coin news

Unsub anytime

After signing up, you may also receive occasional special offers from us via email. We will never sell or distribute your data to any third parties. View our privacy policy here.