Hackers Attacking Cryptocurrency Platforms via Hosting Service Providers

Recently, some attackers were observed targeting several cryptocurrency services by attacking their hosting service providers.

What happened?

A hacker group targeted domain hosting provider GoDaddy and tricked its employees into transferring the ownership and control of several cryptocurrency services hosted on GoDaddy’s platform.
  • The attack had begun on November 13, with an attack on cryptocurrency trading platform Liquid. Hackers had transferred control of the account and domain to a malicious actor and changed the DNS records. By this, they could monitor and control their internal email accounts, and eventually the document storage.
  • The cryptocurrency mining service NiceHash discovered that its settings for domain registration records at GoDaddy were changed without authorization. Their email and web traffic were briefly redirected.
  • Additionally, several other cryptocurrency platforms including Bibox.com, Celsius.network, and Wirex.app may have been targeted by the same group.

Recent incidents with hosting providers

  • A few days ago, the managed web hosting solutions provider Managed.com was targeted by a ransomware attack, resulting in some customer sites having their data encrypted.
  • A few weeks ago, attackers were found exploiting a vulnerability in third-party software to gain access to the store hosting systems provided by X-Cart, the eCommerce software vendor.

The bottom line

With hackers carrying out supply-chain attacks to reach out to high-value targets, it is crucial for all organizations to stay cautious while serving their customers. To protect sensitive information, experts suggest security measures such as using data encryption software and intrusion detection and prevention systems. Furthermore, using email spam filters can help prevent email-based attacks.