Liquid Suffers Security Breach, User Data Possibly Exposed

  • The exchange has said that its customers’ funds remain safe, and that the attacker was not able to access its MPC-based and cold storage crypto wallets.
  • Liquid customers were warned to be on the lookout for phishing attempts, as the intruder had access to data such as users’ emails, names and addresses.

Users of cryptocurrency exchange Liquid could have had their data exposed in a recent security incident, the firm warned in a security notice on 18 November.

According to the announcement, the incident occurred on 13 November, when Liquid’s domain hosting provider incorrectly transferred control of one of the “core domain names” to an unknown actor. Shortly after the firm was alerted to the situation, it took immediate action to prevent further breaches and performed an infrastructure review to assess the extent of the security breach.

During the incident, the intruder was granted enough access to change DNS records and take control of a “number of internal email accounts”, which allowed them to “partially compromise” Liquid’s infrastructure and access stored documents. It remains unknown whether the actor was also able to access users’ KYC data, such as IDs and photos. The exchange’s CEO, Mike Kayamori, said in a statement:

“We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience.”

The exchange warned its customers to be on the lookout for possible phishing attempts, as the intruder may have been able to obtain data such as users’ emails, names, addresses and encrypted passwords.

The firm’s “comprehensive review” of the infrastructure confirmed that its clients’ funds were safe and accounted for, and that its MPC-based and cold storage crypto wallets were uncompromised.
