GoDaddy one of the most popular go to place for domain hosting is currently under security scrutiny after allowing high profile cryptocurrency domains to be taken over. The report highlights that a social engineering scam carried out on GoDaddy's employees has lead to a transfer of DNS records of highly used cryptocurrency websites to bad actors.
The attack reportedly began on Friday 13th November 2020 targeting the DNS records of liquid.com which according to the blog post by the CEO Mike Kayamori has resulted in the actors not only taking over the traffic to its website but also gaining access to its internal emails, which in turn has been enough to gain access to user data storages.
This means that a "malicious actor was able to obtain personal information from our user database. This may include data such as your email, name, address and encrypted password."
The CEO also adds that the company is "continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded"
Reportedly a cryptocurrency mining website nicehash.com was also affected on 18th of November with its service experiencing downtime "as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed"
Although the company does not report on any knowledge of the attackers accessing user data it does suggest its users to reset their password and activate Two Factor Authentication.
The report also highlights the potential of several other high profile cryptocurrency websites being potentially affected, however with no official disclosures by the following companies at the time of writing: celsius.network, wirex.app & bibox.com