Crypto trading platform Liquid is advising customers to change passwords and 2FA credentials following a hacking incident, according to a blog post from the company’s founder.
In the notice Liquid CEO Mike Kayamori said a domain name hosting provider inadvertently transferred control of the account to a malicious actor who subsequently changed DNS records and gained access to Liquid’s document storage infrastructure.
While client funds remained secure, the hacker stole emails, names, addresses and encrypted passwords from the user database. The company is investigating to see if the malicious actor obtained access to personal customer data including ID, selfie shot and proof of address documents.
“We are extremely embarrassed at this compromise of personal information that commenced with a breach external to Liquid. We have always taken pride in our security of client data & assets to date, and this incident will encourage Liquid more than ever to raise the bar. Once again, I apologize deeply for this humbling data breach and the loss of confidence that you may have,” Kayamori wrote in the blog.