Malicious actors have now managed to momentarily take control over several cryptocurrency platforms by scamming employees at GoDaddy, the domain hosting service for these sites, in multiple attacks.
On Nov. 18, NiceHash discovered that hackers had been able to briefly redirect email and web traffic to privateemail.com, operated by Namecheap Inc. The actors were able to access the accounts after altering the settings for the cryptocurrency mining service’s domain registration at GoDaddy without proper authorization.
NiceHash confirmed that users’ information remained secure after freezing funds for 24 hours and verifying that the domain settings had been reset.
But the hackers had tried to use their internal email access to change passwords for third-party services, such as Slack and Github.
“We detected this almost immediately [and] started to mitigate [the] attack,” Matjaz Skorjanc, NiceHash founder, told KrebsOnSecurity in an email. “Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen.”
Likewise, hackers were able to take control of internal email accounts at liquid.com recently after GoDaddy employees mistakenly transferred control of the domain, the crypto exchange revealed on Nov. 18.
GoDaddy admitted to KrebsOnSecurity that a “limited” number of GoDaddy employees had fallen for a social engineering scam, allowing a “small number” of their customer’s domains to be modified.
“Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees,” GoDaddy told KrebsOnSecurity.
“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks,” said GoDaddy.
Similar incidents involving scammed GoDaddy employees have allowed domains to fall vulnerable to hackers, KrebsOnSecurity noted, highlighting attacks in March and May when attackers were able to gain access to domains after reading internal notes on customer accounts to GoDaddy employees.
In other news, Germany’s Minister of Finance is not interested in pursuing private cryptocurrencies, he told delegates to the European Banking Congress on Friday (Nov. 20).
While he believes it is essential for Europe and Germany’s banking systems to innovate to adapt to the digital era, he does “not support private sector digital currencies,” he said.