GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave
GoDaddy employees have allegedly fallen victim to a series of social engineering phishing scams that led them to facilitate attacks on multiple cryptocurrency exchanges. The scam duped employees into changing email and registration records which were then used by cyberattackers to launch attacks on other organizations. The incident was reported by Brian Krebs, a security expert, last week and GoDaddy has since confirmed the attack.
In mid-November, the scammers began to ensure that email and web traffic intended for cryptocurrency exchanges were redirected. Tradings posts Liquid.com and NiceHash were affected by the cybersecurity incident, and it is likely they were not the only organizations impacted. A security incident occurring on November 13 was caused by GoDaddy employees incorrectly transferring control of an account related to Liquid.com’s core domain names.