GoDaddy Employees Were Used In A Massive Crypto Services Scam

As per a report released by KrebsOnSecurity, a security research platform, hackers have attacked many cryptocurrency platforms hosted by GoDaddy over the past week. The hackers were successful in redirecting email and web traffic.

The report states that hackers dupe GoDaddy employees over handling the control and ownership of domains related to cryptocurrency platforms. The crypto exchange Liquid reported this incident in the past week in a blog post stating that GoDaddy incorrectly gave control of one of the core domains of the company to a malicious actor.

Mike Kayamori, CEO at Liquid said in a statement, “On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts.”

This incident led the attacker in gaining access to document storage of exchange. As a result, Kayamori asked all customers to change their passwords.

NiceHash, a crypto-mining service was the second victim as per the report. On 18th November, the company reported that GoDaddy has given unauthorized access to its domain setting and as a result, the DNS record of its domain nicehash.com was changed. The company immediately stopped all the activity of the wallet for 24 hours and announced to resume withdrawals after the completion of the internal audit.

For the past few years, hackers are targeting IT companies through social engineering scams to defraud administrators. As per KrebsOnSecurity, a popular internet domain registrar and web hosting firm, GoDaddy has accepted that some of its employees fell for a social engineering scam. It reads, “GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. It further adds, “the outage between 7:00 p.m. and 11:00 p.m. PST on Nov. 17 was not related to a security incident, but rather a technical issue that materialized during planned network maintenance,”.