Crypto trading platform Liquid is advising customers to change their passwords and 2FA credentials after being hacked in a domain name hosting attack.
In a notice published on its Website, Liquid CEO Mike Kayamori, says a domain name hosting provider inadvertently transferred control of the account to a malicious actor who subsequently changed DNS records and gained access to Liquid's document storage infrastructure.
While client funds remain untouched, the hacker was able to lift emails, names, addresses and encrypted passwords from the firm's user database..
"We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded," states the Japanese firm, which bills itself as 'the the world’s most comprehensive and secure trading platform'.
The company is warning customers to be on the alert for evidence of identity fraud and phishing attempts, and recommends that all users change their passwords and 2FA credentials to protect their accounts.
Kayamori says: "We are extremely embarrassed at this compromise of personal information that commenced with a breach external to Liquid. We have always taken pride in our security of client data & assets to date, and this incident will encourage Liquid more than ever to raise the bar.
Once again, I apologise deeply for this humbling data breach and the loss of confidence that you may have."