GoDaddy has admitted that it was attacked. The attackers managed to deceive GoDaddy employees who worked in the domain registration department. In this way, they redirected the traffic of emails and the web on various cryptocurrency trading platforms to their own websites last week.
The Krebs on Security page he says that the attack began on November 13 with an attack on liquid.com.
"The hosting provider GoDaddy, which manages one of our core domains, mistakenly handed over control of the domain to a malicious user," Liquid CEO Mike Kayamori said in a post on the company's blog.
"This allowed the malicious user to modify the DNS and take control of a number of internal email accounts. Thus it managed to partially endanger our infrastructure and gain access to store records.
In the early morning hours of November 18, 2020 (CET), the mining service NiceHash discovered that some of the DNS settings for its domain in GoDaddy had changed. So the malicious users redirected the email and the domain traffic. NiceHash froze all transactions for about 24 hours until it verified that the domain settings had been restored to their original state. "So far no emails, passwords or personal information appear to have been leaked, but we suggest you change your password and enable 2FA security," the company said in a blog post.
Many cryptocurrency platforms were probably attacked by the same group. Domains include: Bibox.com, Celsius.network and Wirex.app.
GoDaddy told KrebsOnSecurity that "a small number of its clients' domains had changed" when a "limited number" of GoDaddy employees fell victim to a social engineering scam.
GoDaddy is often victim of attacks.