According to a Nov. 21 report by popular cybercrime blog KrebsOnSecurity, the domains of multiple cryptocurrency services have been attacked by hackers who pulled off a successful social engineering attack on web hosting company GoDaddy last week.
Cryptocurrency exchange Liquid, hash power broker NiceHash, and digital payment platform Wirex and a few other names had their DNS records changed by the fraudsters.
Here’s how hackers pulled this off
On Nov. 13, multiple GoDaddy employees were deceived into handing control over the domains of the aforementioned cryptocurrency platforms to malicious actors.
While the details of the successful attack remain unknown, the fraudsters likely relied on voice phishing to dupe their targets.
Voice phishing (or vishing) is a verbal social engineering scam that aims to steal sensitive information or money from unsuspecting victims. To make GoDaddy staff fall for its tricks, whoever was behind the attack likely used spear-vishing techniques to target specific employees instead of sending scattershot messages.
Liquid claimed that the malicious actor was able to get access to its customers’ personal information in its Nov. 18 blog post.
GoDaddy states that it will focus on educating its employees in order to prevent such incidents in the future.
“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”
Social engineering attacks on the rise
While the reputation of the largest domain registrar might have taken another significant hit, it is not alone in its fight against cybercriminals. Social media giant Twitter fell victim to a social engineering attack that made the official accounts of Elon Musk, Bill Gates, and other prominent Twitter personalities promote a Bitcoin scam in mid-July.
As reported by U.Today, the Florida teenager who orchestrated the whole thing got arrested by the FBI on July 31.
Last week, Microsoft also issued a warning to the users to the users of its Office 365 suite about an uptick in phishing scams.