GoDaddy Email Phishing

Well-known cybersecurity journalist Brian Krebs reported that employees of the GoDaddy domain registrar were the victims of attacks using social engineering and, as a result, handed over control over the domains of several cryptocurrency projects to attackers.

According to Krebs, the attacks began in mid-November this year. The first to report the problem was employees of the liquid.com cryptocurrency exchange.

Then a similar problem was discovered at NiceHash. The company’s domain settings at GoDaddy were changed, causing traffic and email to be temporarily redirected to a different location. NiceHash was forced to freeze all client funds for about 24 hours until the domain settings were reverted to their original settings.

Krebs writes NiceHash’s mail service has been redirected to privateemail.com, an email platform operated by another major registrar, Namecheap Inc. Using Farsight Security, a service that displays changes to domain name records, Krebs figured out that several other cryptocurrency platforms could have fallen victim to the same criminal group.

Thus, similar attacks seem to have suffered: Bibox.com, Celsius. network, and Wirex. app. None of these companies reported any incidents.

The NiceHash founder wrote that unauthorized changes were made from the GoDaddy internet address, and the attackers tried to use the gained access to incoming NiceHash emails to reset passwords on various third-party services, including Slack and Github.

However, the company said in a statement that the hackers did not gain access to any important service and did not steal any information.

However, the company said in a statement that the hackers did not gain access to any important service and did not steal any information.

At the same time, it was not possible to quickly contact GoDaddy, because it was then that a serious failure occurred in the registrar’s work, due to which e-mail and phones did not answer.

Unfortunately, GoDaddy representatives have already confirmed that several of their employees did indeed fall victim to social engineering. The exact number of compromised employees was not disclosed. GoDaddy said a security audit revealed unauthorized changes to some of the company’s customer accounts.