Cybercriminals are hijacking GoDaddy’s cryptocurrency domains

Well-known cybersecurity journalist Brian Krebs reported that cybercriminals are hijacking cryptocurrency domains registered with GoDaddy. GoDaddy employees fell victim to social engineering attacks, and as a result, hackers took control of the domains of several cryptocurrency projects.

According to Krebs, the attacks began in mid-November this year. Employees of the liquid.com cryptocurrency exchange were the first to report the problem:

“GoDaddy, which operates one of our primary domain names, has mistakenly transferred control of our account and domain to an attacker. This gave the attacker the ability to modify DNS records and control a number of internal email accounts. Over time, the attacker was able to partially compromise our infrastructure and gain access to the document repository,” says the company’s blog post.

Then a similar problem was discovered at NiceHash. The company’s domain settings at GoDaddy were changed, causing traffic and email to be temporarily redirected to a different location. NiceHash was forced to freeze all client funds for about 24 hours until the domain settings were restored to their original values.

Let me remind you that we also reported that GoDaddy closed 15,000 subdomains used by spammers.

Krebs writes that NiceHash’s mail service was redirected to privateemail.com, an email platform operated by another major registrar, Namecheap Inc. Using Farsight Security, a service that displays changes to domain name records, Krebs figured out that several other cryptocurrency platforms could have fallen victim to the same criminal group. Bibox.com, Celsius.network and Wirex.app appear to have suffered similar attacks. None of these companies reported any incidents.

“Unauthorized changes were made from the GoDaddy internet address, and the attackers tried to use the gained access to incoming NiceHash emails to reset passwords on various third-party services, including Slack and Github,” the NiceHash founder wrote.

However, the company said in a statement that the hackers did not gain access to any important service and did not steal any information.

At the same time, it was not possible to contact GoDaddy quickly, because the registrar was experiencing a serious outage, and its e-mail and phone lines went unanswered.

Unfortunately, GoDaddy representatives have already confirmed that several of their employees did indeed fall victim to social engineering. The exact number of compromised employees was not disclosed. GoDaddy said a security audit revealed unauthorized changes to some of the company’s customer accounts.

“We immediately blocked the accounts involved in this incident, reversed any changes made, and helped the affected customers regain access to their accounts,” GoDaddy said in a statement.

We also talked about how Microsoft gained control over six domains of “Coronavirus” scammers.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
