GoDaddy admitted it was the victim of an attack. The attackers managed to trick GoDaddy employees working in the domain registration department. In doing so they redirected email and web traffic on various cryptocurrency trading platforms to their own websites last weekteam.
The Krebs on Security page he says that the attack began on November 13 with an attack on liquid.com.
"The hosting provider GoDaddy, which manages one of our core domains, mistakenly handed over control of the domain to a malicious user," Liquid CEO Mike Kayamori said in a post on the company's blog.
“This allowed the malicious user to modify DNS and take control of a number of internal email accounts. So he managed to partially compromise our infrastructure and get access in the store registrations.
In the early morning hours of November 18, 2020 (CET), mining service NiceHash discovered that some of the DNS settings for its GoDaddy domain had been changed. Thus the malicious users redirected the domain's email and traffic. NiceHash froze all transactions for approximately 24 hours until they verified that the domain settings had been reset to their original state. “So far no emails appear to have been leaked, passwords or personal information, but we recommend changing your password and enabling 2FA security," the company said on its blog.
Many cryptocurrency platforms accepted attacks probably from the same group. The domains include: Bibox.com, Celsius.network and Wirex.app.
GoDaddy told KrebsOnSecurity that "a small number of its customers' domains were changed" when a "limited number of GoDaddy employees" fell victim to a social engineering scams.
GoDaddy is often victim of attacks.