The crypto exchange Liquid have this weekend confirmed that they have been hacked following previously unconfirmed reports. The extent and seriousness of the hack is still unknown as the incident remains under investigation.
Mike Kayamori, the chief executive of Liquid published a blog post confirming that the attack took place on Friday, November 13. The hacker reportedly managed to obtain access to Liquid’s domain records, meaning the hacker could then have full operational control of the email accounts of several Liquid employees, subsequently compromising company records.
Fortunately, Kayamori has said that all of the cryptocurrency funds are accounted for, meaning clients funds are safe. However, he went on to say that the hacker might have gained access to Liquid’s document storage. This means that the hacker may have taken Liquids’ clients’ personal information & data, including names, email addresses and encrypted passwords.
The full extent of the hack is not yet known though, however, Liquid has claimed that there is an ongoing investigation into the true extent of the hack. There are fears that the hacker may have gained access to the documents & information that Liquid clients used to verify their identity. These could potentially include government-issued IDs, proofs of address (such as utility bills or bank statements) and selfies. Should the investigation find that the hacker has managed to obtain such documents, Liquid users could be at greater risk of targeted online attacks and/or identity theft.
Cryptocurrency exchanges have become big targets for hackers in recent years because of the potential for large financial rewards if successful. In 2018 alone, Binance, Coinrial, Coincheck and Bitthumb we’re all hacked all had millions of dollars stolen. However these days, most reputable crypto exchanges keep client funds in offline storage to protect them.