More crypto-related insecurity: Liquid hacker easily accesses usernames, emails and passwords
For anyone to be surprised when a ‘hack’ occurs or when funds go missing from a crypto platform is rather akin to anyone being surprised when rain begins to fall from a cloud.
Once again, the amateurish digital currency world find its limits as digitial asset trading platform Liquid has been the subject of hacking.
n a notice published on its Website, Liquid CEO Mike Kayamori, says a domain name hosting provider inadvertently transferred control of the account to a malicious actor who subsequently changed DNS records and gained access to Liquid’s document storage infrastructure.
While client funds remain untouched, the hacker was able to lift emails, names, addresses and encrypted passwords from the firm’s user database..
“We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded,” states the Japanese firm, which bills itself as ‘the the world’s most comprehensive and secure trading platform’.
The company is warning customers to be on the alert for evidence of identity fraud and phishing attempts, and recommends that all users change their passwords and 2FA credentials to protect their accounts.
Kayamori says: “We are extremely embarrassed at this compromise of personal information that commenced with a breach external to Liquid. We have always taken pride in our security of client data & assets to date, and this incident will encourage Liquid more than ever to raise the bar.
Once again, I apologise deeply for this humbling data breach and the loss of confidence that you may have.”
All too often, digital asset platforms have exposed their clients’ credentials and in some cases wiped out the accounts of investors, with some tales of woe still unresolved several years later.
One would have thought that after the MtGox disaster in the early part of last decade where the owner of the company allegedly stole client investments with clients having absolutely no recourse, that people would think twice about risking their own capital in real FIAT currency by exchanging it for a non-existent, unbacked cryptocurrency owned by the exchange owners who themselves are barely identifiable members of the public often with unsavory aspirations.
For anyone to be surprised when a ‘hack’ occurs or when funds go missing is rather akin to anyone being surprised when rain begins to fall from a cloud.