$0 USD

NOVEMBER 2020

JAPAN

LIQUID

DESCRIPTION OF EVENTS

"Founded in 2014, Liquid is one of the world's largest cryptocurrency-fiat exchange platforms serving millions of customers worldwide." "Liquid’s mission is to build a secure and modern-day cryptocurrency ecosystem for traders and consumers to learn, grow, and leverage the benefits of financial freedom that blockchain technology enables."

 

"We are consistently ranked among the top 10 cryptocurrency exchanges globally based on daily traded spot volume with deep BTC/JPY liquidity. We are focused on providing a great user experience & world-class service levels." "Buy and sell Bitcoin, Ethereum, XRP and many other cryptocurrencies with fiat or crypto." "Trade our spot and margin markets with advanced funding options, lightning fast execution and deep liquidity." "We accept deposits of major fiat currencies including USD, JPY, EUR, SGD, HKD, and AUD."

 

"We manage digital assets using a combination of cold wallets & Multi-party computation (MPC) technology." "We use the latest technologies to keep your funds safe, and stay ahead of vulnerabilities and exploitation attempts." "Using multi-party computing we are able to offer fast round-the-clock withdrawals while maintaining our rigorous security standards."

 

"Mike Kayamori, CEO of cryptocurrency exchange Liquid, posted a notice on the official website that a data leakage security incident occurred on the exchange on November 13."

 

"The company blamed the intrusion on its domain name provider, which fell victim to a social engineering attack and incorrectly transferred Liquid's account to the hacker." "On the 13th of November 2020, a domain hosting provider "GoDaddy" that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor."

 

"A domain hosting provider that manages a core domain name mistakenly transferred control of the account and domain name to a malicious intruder, allowing it to change DNS records, thereby controlling a large number of internal email accounts, and being able to partially damage the exchange’s Infrastructure and gain access to stored documents."

 

"After detecting the intruder, immediate action was taken to intercept and contain the attack to prevent further intrusions and reduce the risk of customer accounts and assets, while conducting a comprehensive review of the infrastructure."

 

"It can be confirmed that the customer's funds are safe, and the cold wallet based on MPC (Multi-Party Computing Protocol) is safe and has not been damaged."

 

"The relevant regulatory agencies have been notified of the intrusion and will continue to communicate in the next few days. The attacker may have obtained the user's email, name, address, and password. At present, Liquid is investigating whether the attacker has accessed the identity documents and photos submitted to KYC for verification, and will provide updates after the investigation."

 

"Liquid announced the final findings on January 20, 2021. Liquid stated that 169,782 items of user data including email addresses, names, encryption passwords, API keys, etc. have been leaked." "Stolen information included real name, home address, emails, and encrypted passwords." "Among them, the personal information that may be accessed illegally is the user who went through the KYC process before October 2018, such as the user's ID card, self-portrait picture, proof of address and other identity verification documents 28,639."

 

"We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience," Kayamori said.

The Liquid exchange in Japan saw personal data on hundreds of thousands of customers leaked, after an attacked managed to modify some DNS settings to take hold of internal company email accounts. The leaked information includes customer KYC information.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.