Users of cryptocurrency exchange Liquid could have had their data exposed in a recent security incident, the firm warned in a security notice on 18 November.
According to the announcement, the incident occurred on 13 November, when Liquid’s domain hosting provider incorrectly transferred control of one of the “core domain names” to an unknown actor. Shortly after the firm was alerted to the situation, it took immediate action to prevent further breaches and performed an infrastructure review to assess the extent of the security breach.
During the incident, the intruder was granted enough access to change DNS records and take control of a “number of internal email accounts”, which allowed them to “partially compromise” Liquid’s infrastructure and access stored documents. It remains unknown whether the actor was also able to access users’ KYC data, such as IDs and photos. The exchange’s CEO, Mike Kayamori, said in a statement:
“We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience.”
The exchange warned its customers to be on the lookout for possible phishing attempts, as the intruder may have been able to obtain data such as users’ emails, names, addresses and encrypted passwords.
The firm’s “comprehensive review” of the infrastructure confirmed that its clients’ funds were safe and accounted for, and that its MPC-based and cold storage crypto wallets were uncompromised.