We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More

Despite Data Breach, Liquid Exchange Continued Listing New Tokens Before Warning Users

CEO Mike Kaymori stated he was “deeply embarrassed” by the loss of user data, confirming today that the exchange was hacked on Nov. 13. Liquid has seen $50 billion in volume over the past year. 

Despite Data Breach, Liquid Exchange Listed New Tokens Before Informing Users
Shutterstock cover by Natasa Adzic

Key Takeaways

  • The exchange was founded in 2014 and saw $50 billion in volume in the last 12 months.
  • The hack took place on Nov. 13 and is currently under investigation.
  • The breach could result in Liquid users falling prey to identity theft or phishing scams.

Share this article

According to a blog post, the hacker convinced a domain hosting provider that manages one of Liquid’s domain names to give them control of the account and domain.

The hacker was then able to change DNS records and control internal email accounts, allowing them to view the documents stored by the domain, including user data. 

CEO Mike Kayamori asserts that Liquid could contain the breach, and no cryptocurrencies appear to have been stolen. 

However, the hacker made off with sensitive user data that could later be used to steal user assets and identities. 

The exchange continued to list new tokens in the week following the hack before alerting users. 

Selling Liquid Data on The Dark Web

The hacker likely stole names, addresses, emails, and encrypted passwords. It’s possible that KYC data such as ID and address documents were stolen too. Liquid is investigating this possibility. 

Data such as emails and corresponding passwords or identities can be sold for hefty sums on the dark web if not used by the hacker directly. It’s estimated that over 15 billion logins from 100,000 breaches have been put up for sale on the dark web, from both crypto sites and other domains. 

Login details for crypto exchanges are particularly valuable.

Hackers can target the owners of emails with phishing scams to reveal their passwords or use personal data to try and steal user funds. Liquid users are advised to change their passwords and login details in light of the breach. 

Share this article