Cryptocurrency exchange Liquid on behalf of its CEO Mike Kayamori today announced a "security incident" that occurred on November 13.
According to the exchange, the hosting provider transferred control of its account and domain to an attacker who was able to change DNS records and take control of several internal email accounts. In the future, this led to " partial compromise of the infrastructure and access to the document storage."
The delay in disclosing information about the attack is explained by the exchange's desire to understand the situation and determine the possible impact on users. It States that assets and cryptocurrency vaults on the platform were not affected.
Presumably, the attacker was able to gain access to personal data of customers, including email addresses and real addresses, names, and encrypted passwords. Whether the attack affected users ' verification documents, Liquid can't tell yet.
The company warns that the stolen data can be used to organize phishing attacks on its customers, and recommends that they change their passwords and two-factor authentication codes as soon as possible. She also claims that she notified the responsible authorities about the incident and intends to continue working with them in the coming days.