Latest in Gear

Image credit: Rafael Henrique/SOPA Images/LightRocket via Getty Images

Hackers tricked GoDaddy into helping attacks on cryptocurrency services

The intruders had a relatively easy time getting in.
Jon Fingas, @jonfingas
November 21, 2020
207 Shares
Share
Tweet
Share

Sponsored Links

BRAZIL - 2020/11/18: In this photo illustration the GoDaddy logo seen displayed on a smartphone. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)
Rafael Henrique/SOPA Images/LightRocket via Getty Images

GoDaddy’s 2020 security woes aren’t over. KrebsOnSecurity has found that hackers tricked GoDaddy employees into handing ownership or control of multiple cryptocurrency services’ web domains, inadvertently aiding attacks that brought sites down. It’s not certain how many companies fell victim to the effort, but Liquid.com and NiceHash reported problems within days of each other. Bibox, Celsius and Wirex might also have been among the targets, although they haven’t confirmed anything as of this writing.

It’s uncertain just how the hackers succeeded, but a successful March campaign against sites like Escrow.com likely relied on “vishing,” or voice calls that point targets toward phishing sites meant to harvest account sign-ins. Attackers frequently try to convince staff they’re from a company’s IT department and just want to resolve technical issues.

A GoDaddy spokesperson confirmed that a “limited number” of staff had fallen victim to “social engineering” attacks that let the intruders make unauthorized changes to domains and accounts. It responded by reverting changes, locking down accounts and helping victims regain access.

This comes roughly a year after a data breach affecting 28,000 hosting accounts and doesn’t help with GoDaddy’s image. It may have been difficult for the company to void vishing, mind you. GoDaddy has joined many other companies in having staff work remotely during the COVID-19 pandemic. That could make it harder to verify the legitimacy of a caller or website. As such, this might be a problem for many companies, even once it’s safe to return to offices.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
207 Shares
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Vava’s 4K ultra short-throw projector is $840 off at Amazon

Vava’s 4K ultra short-throw projector is $840 off at Amazon

View
Scientists find neutrinos from star fusion for the first time

Scientists find neutrinos from star fusion for the first time

View
Engadget readers get $200 off Roomba's i7+ vacuum at Wellbots

Engadget readers get $200 off Roomba's i7+ vacuum at Wellbots

View
Google shows off 'Cyberpunk 2077' running on Stadia at 4K

Google shows off 'Cyberpunk 2077' running on Stadia at 4K

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr