One among the topmost Domain Registrar Company, GoDaddy who have around 19 million customers have finally confirmed Data Breach as per Forbes report dated 5th May,2020. A well-established firm’s employees like GoDaddy’s too, can easily fall prey to Hackers either by hook or by crook.
Talking about Cryptocurrencies, which is known to the world as Digital Currency, is no doubt, one amongst the best online investment trade. Though the stakes and the risk factor are high, still cryptocurrencies claim to have a huge future and is also called as the next generation digital currency.
Can Cryptocurrency be hacked?
This is one of the few questions, one, gets on their mind, when we think of any online investment trade like Cryptocurrency.
Regardless of whatever the experts may claim, stating these are very secured due to their unique way of functioning and their high security protection, Hackers do find a way out to attack these sites and this being a Digital currency site, the risk factor is definitely high. Though one is aware that hacking these sites may not be an easy task, as these sites are secured using Cryptography. Hackers did find a way out and incidence which have been happening with GoDaddy is an example.
So, what Happened with GoDaddy?
As per the reports mentioned on KrepsonSecurity which is a well-known cybersecurity blog, GoDaddy’s employees were tricked by few Hackers who got access of couple of cryptocurrency websites like NiceHash and Liquid‘s domain. 18th Nov,2020 being the very recent attack on GoDaddy before this, in the month of March, 2020 using Vishing technique/Telephone Scam on the working support staff of GoDaddy, Fraudsters had got control of over close to six company’s domain which included a transaction brokering site too.
Is GoDaddy continuously targeted by Hackers?
Unfortunately, Yes. As per the Forbes report, in the month of May,2020 GoDaddy had openly confirmed of the Data Breach were around 28000 customers have been informed that their web hosting account credentials had been compromised. This data breach itself appears to have had occurred during the month of 19th Oct 2019, which wasn’t discovered until April,2020.
How Did GoDaddy compensate to the March affected customers?
GoDaddy had said to Forbes that they would provide complimentary years’ worth of security and malware removable services for these affected customers.
What did the Hackers do after receiving, the domain access to Cryptocurrency Site?
The recent attack on NiceHash on 18th Nov, 2020 early morning, where the Mining service noticed that some settings of the Domain registration records have some unauthorized changes which were under the control of GoDaddy, which led to redirecting of emails and web traffic. Immediately NiceHash froze all its customers account for next 24 hours till they had verified all the domain settings were changed to their original settings. Their clients were even requested to change their passwords and enable two factor authentications to be on the safer side by the company. NiceHash founder Matjaz Skorjanc speaking to Krebs confirmed that the attackers did attempt to force password reset on third-party services, but their company was able to fend off these attempts.
Is 18th November,2020 the only attack by Hackers on the cryptocurrency sites?
Unfortunately, No. In and around 13th Nov,2020 the Hackers had first time attacked a cryptocurrency site named Liquid, and their domain registrar was yet again that of GoDaddy.
This incident was one of the very first related to hacking of cryptocurrency sites. The CEO of Liquid Mike Kayamori has mentioned in his companies blog that one of their core domain names incorrectly transferred control of the account and domain to malicious actor, which had given the actor the ability to change DNS record which would help the actor to have control of a number of internal email accounts. Mr. Kayamori has shared what necessities to be taken by their customers to avoid any crisis in his post and has requested his customers to change the passwords and 2FA credentials asap.
What did GoDaddy’s spokesperson say after both cryptocurrency sites been Hacked?
Speaking to Kreps the GoDaddy’s spokesperson mentioned that they had immediately locked down all the accounts involved in the incident and have reverted the changes done by the Hackers to the original settings and even have assisted the customers in gaining access back to their accounts. The spokesperson even stated that “threat actors become increasingly sophisticated and aggressive in their attacks; we are constantly educating employees about new tactics that might be used against them.”
GoDaddy or Hackers, who are to be blamed?
The Hackers who convinced the employees of GoDaddy using social engineering scam and received access to the client domains or the employees knowing how Hackers function and still falling prey to their vishing.
No matter how big or small a firm could be, one can still fall victim to any fraudulent calls. No matter it’s a cryptocurrency sites or any other well encrypted sites, nothing as such can be 100% safe and secured.
Let’s learn through this incident, and do not trust any random call or person and provide them access to our personal data. It is we, who have to be careful coz the loss incurred will also be of ours and lets without fail have a two factor authentication to protect our data.