$0 USD

NOVEMBER 2020

UNITED STATES

CELSIUS NETWORK

DESCRIPTION OF EVENTS

"Celsius Network is a cryptocurrency loan company." "Celsius was founded in 2017 with the mission to harness blockchain technology to provide unprecedented financial freedom, economic opportunity, and income equality for the 99%." "Celsius Network Limited was incorporated on 9 February 2018."

 

"Celsius is proud to provide a platform of curated services that have been abandoned by big banks – things like fair interest, zero fees, and lightning quick transactions. Our goal is to disrupt the financial industry, one happy user at a time, and introduce financial freedom through crypto."

 

"Celsius is not a bank, depository institution, custodian or fiduciary and the assets in your Celsius account are not insured by any private or governmental insurance plan (including FDIC or SIPC), nor are they covered by any compensation scheme (including FSCS)."

 

"Using Farsight Security, a service which maps changes to domain name records over time, KrebsOnSecurity instructed the service to show all domains registered at GoDaddy that had alterations to their email records in the past week which pointed them to privateemail.com. Those results were then indexed against the top one million most popular websites according to Alexa.com."

 

"GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam."

 

“Separately, and unrelated to the outage, a routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information,” GoDaddy spokesperson Dan Race said. “Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.”

 

“We immediately locked down the accounts involved in this incident, reverted any changes that took place to accounts, and assisted affected customers with regaining access to their accounts,” GoDaddy’s statement continued. “As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”

 

"Race declined to specify how its employees were tricked into making the unauthorized changes, saying the matter was still under investigation. But in the attacks earlier this year that affected escrow.com and several other GoDaddy customer domains, the assailants targeted employees over the phone, and were able to read internal notes that GoDaddy employees had left on customer accounts."

 

"[M]ore info from Alex at 42:21 on [an] interview. Admits Go Daddy had a problem. Will be interesting if they can ever share a proper timeline of events."

 

"There's no question that we should have announced a maintenance window earlier, that we should have communicated the possibility that there would be propagation... We didn't even think there was propagation, but there was. Again, these are actions that actually GoDaddy took, not that we took, that caused the propagation. And because GoDaddy detected some things internally that are related to them - not to us, they decided to lock down the account. Right, so they locked down our account. We didn't lock down our account. And when we reached out to them, normally, like as you know, when you reach out to them, they go back to you in an hour and so on."

 

"But something happened inside GoDaddy and that's why Uniswap was down and Liquid and a bunch of other sites were down. And so it's not just something that happened to Celsius, right. It happens that Celsius did maintenance on the DNS exactly at the same time, but something else was going on inside GoDaddy and we're waiting for them to tell us what and how and so on."

 

"But there's a big difference between us and Liquid and Uniswap and others and the difference is that there's nothing you can do on the Celsius site. You cannot put your password. You cannot withdraw coins. You cannot transact. You can't do anything there, right. It's just an informational site and everything that happens, happens on the blockchain and on our app which are completely separated and segregated from our website. So, because of that, everybody who's watching this can be assured that none of their information was compromised. Right, so again if you look at the point where BlockFi was compromised, right. Whereas everybody with where the hacker stole all of their passwords and all the names and all of the balances that people had, which was what was reported in CoinTelegraph and CoinDesk and so on. That was because that site accepted all that information and the hacker managed to get it through right."

 

"So there was definitely an event here. We should have informed people better. And the site was shut down because GoDaddy wanted to make sure that there was no hack, there was no penetration, there was no illicit activity. But there was definitely a brute force attempt on the celsius.network site, meaning somebody tried to break the password, go down and shut it down, because they had other things happening with other sites. And as you saw, Liquid had a problem and so on. They had a major problem, right. Celsius didn't have any problem, because, again, there was nothing to steal. So that's the kind of, like the quick versions and we're still waiting for that report. And I hope to publicize it the minute we get it. Unless GoDaddy tells us you're not allowed to, we will publicize the report."

Celsius Network suffered a DNS hijacking attack in which someone successfully impersonated the company to GoDaddy and redirected the website to a malicious server. Because of the way Celsius is set up, its site is not used to authorize any withdrawals, and the attacker did not use the opportunity to phish personal data from users or trick them into downloading a malicious application. This is because the attack was not primarily targeted at Celsius. While no funds were lost, the incident did cause the credibility of Celsius to be further questioned at the time.
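
The screening KrebsOnSecurity describes in the quote above (GoDaddy-registered domains whose email records changed in the past week to point at privateemail.com, cross-checked against a popularity list) can be expressed as a filter over DNS change records. This is an added example, not code from KrebsOnSecurity, Farsight Security or this site; the record layout, function names, domains, ranks and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed change records (hypothetical layout, not a real passive-DNS schema):
# (domain, registrar, record type, old value, new value, time of change)
CHANGES = [
    ("exchange.example", "GoDaddy", "MX", "mx1.exchange.example", "mx1.privateemail.com", "2020-11-13T04:10:00"),
    ("lender.example", "GoDaddy", "MX", "aspmx.mailhost.example", "MX2.PrivateEmail.com.", "2020-11-17T22:41:00"),
    ("blog.example", "GoDaddy", "MX", "mx.blog.example", "mx1.privateemail.com", "2020-11-16T09:00:00"),
    ("shop.example", "OtherRegistrar", "MX", "mx.shop.example", "mx1.privateemail.com", "2020-11-15T12:00:00"),
    ("old.example", "GoDaddy", "MX", "mx.old.example", "mx1.privateemail.com", "2020-10-01T08:30:00"),
    ("wiki.example", "GoDaddy", "A", "192.0.2.10", "192.0.2.20", "2020-11-18T10:00:00"),
    ("news.example", "GoDaddy", "MX", "mx.news.example", "mx.notprivateemail.com", "2020-11-18T11:00:00"),
    ("mail.example", "GoDaddy", "MX", "mx1.privateemail.com", "mx2.privateemail.com", "2020-11-18T12:00:00"),
]
# Constructed popularity ranks standing in for a top-sites list.
POPULAR = {"exchange.example": 812, "lender.example": 4310, "shop.example": 95,
           "old.example": 2200, "wiki.example": 40, "news.example": 510, "mail.example": 77}


def under(host, parent):
    """True if host is parent or a subdomain of it (case- and trailing-dot-insensitive)."""
    host = host.rstrip(".").lower()
    return host == parent or host.endswith("." + parent)


def suspicious_mx_changes(changes, popular, now, registrar="GoDaddy",
                          target="privateemail.com", window_days=7):
    """Return (rank, domain, new MX, timestamp) for recent MX moves onto `target`."""
    cutoff = now - timedelta(days=window_days)
    hits = []
    for domain, reg, rtype, old, new, ts in changes:
        when = datetime.fromisoformat(ts)
        if reg != registrar or rtype != "MX":
            continue                      # other registrar, or not an email record
        if not cutoff <= when <= now:
            continue                      # outside the look-back window
        if not under(new, target) or under(old, target):
            continue                      # not a move onto the target mail host
        if domain in popular:             # keep only sites on the popularity list
            hits.append((popular[domain], domain, new.rstrip(".").lower(), ts))
    return sorted(hits)


if __name__ == "__main__":
    for rank, domain, mx, ts in suspicious_mx_changes(CHANGES, POPULAR, datetime(2020, 11, 20)):
        print(f"rank {rank:>5}  {domain:<18} MX -> {mx}  changed {ts}")
```

The same filter, pointed at an organization's own domains instead of a popularity list, serves as a watch for unexpected changes to its email records.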


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.