Cryptocurrency platform Liquid has acknowledged experiencing a security breach, with the full extent of the incident currently being determined.

According to a statement released by CEO Mike Kayamori on the company blog, the attack occurred on November 13th. The perpetrator initially compromised the company’s domain registration details, which then enabled unauthorized access to multiple employee email accounts, ultimately leading to a breach of the company’s network.

Kayamori stated that while cryptocurrency assets remain “fully accounted for,” there is a possibility the attacker accessed the company’s document repositories. “We suspect the malicious actor was able to acquire personal information held within our user database. This could encompass details such as your email address, name, address, and password, which was stored in an encrypted format,” he explained.

The company is actively “investigating” whether the hacker obtained access to documents submitted by users for identity verification purposes – including government-issued identification, photographs, and proof of address – which could potentially increase users’ vulnerability to identity theft or targeted cyberattacks.

Liquid has advised users via email to update their passwords as a precautionary measure.

Attacks focusing on a company’s network infrastructure often exploit compromised or reused passwords used for domain registration. By gaining control of these network settings, attackers can surreptitiously manage the network and access email accounts and systems in a manner that bypasses other security measures.

Cryptocurrency businesses and exchanges represent attractive targets for hackers due to the substantial financial gains possible from a successful data breach. Past incidents include the theft of $170 million from Nano in 2018, $40 million from Coinrail, $30 million from Bithumb, and $40 million each from Binance and Coincheck following separate hacking events.

Established in 2014, Liquid reports having processed $50 billion in cryptocurrency transactions over the last twelve months.

A previous iteration of this report contained an inaccuracy, stating Binance and Coincheck each lost $400 million; the correct figure is $40 million each.

More:

• DOJ announces seizure of over $1 billion in bitcoin linked to the Silk Road illicit marketplace
• A hacker exploited Twitter’s internal ‘admin’ functionality to propagate a cryptocurrency fraud scheme
• High-profile Twitter accounts, including those of Apple, Biden, and Musk, were compromised in a cryptocurrency scam