The Liquid exchange and NiceHash mining are among those affected by a scam that ended with GoDaddy employees giving their passwords over to the malicious actors.  GoDaddy is one of the most popular services to register .com's and other popular domain name extensions.

Liquid's CEO Mike Kayamori says they used those employees access to partially breach the site's infrastructure, change their DNS records, and take possession of several internal email accounts. They also believe they downloaded copies of several 'important documents'.

The company recommended that its users change passwords and take additional security measures to prevent leakage of their data . He added that he had controlled the attack before hackers had access to his clients' accounts and assets.

The staff at Liquid noticed this on November 15th, just 4 days later the crypto mining service NiceHash also reported it was the victim of a security breach.

The company said that after detecting unauthorized changes to the configuration of its web domain registered with GoDaddy, it decided to freeze all client funds for 24 hours, a move that seems to have worked in protecting all funds.

Additional Companies Involved May Be Staying Silent...

No company in the crypto space wants their name connected to any type of security breach, and cyber security expert Brian Krebs's report shows there may be more crypto companies with GoDaddy domains, showing the same altered information as the confirmed victims.

This includes Bibox, Celsius, and Wirex - none have announced any issues, and none are responding to requests for comments.

GoDaddy spokesperson Dan Race says that the company identified the unauthorized changes to its customers' domains, and immediately blocked the accounts and reversed the changes.

------- 
Author: Adam Lee 
Asia News Desk

This is as high-level of a security alert we can possibly give.

According to a report by Norwegian app security firm Promon, the Android operating system has a security flaw that allows cybercriminals to gain access to a user’s crypto wallet. The vulnerability, called StrandHogg, has infected nearly all versions of Android.

It was first announced in a tweet from the security firm stating "Serious Android vulnerability leaves most apps vulnerable to attacks. All versions of Android affected... and real-life malware is currently exploiting the flaw" along with a link to the report.

CTO for Promon, Tom Hansen explained:

"We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected."

Once infected, the malware allows someone to mimic other apps. An identical clone of your wallet could replace your real one, stealing your password when you type it in.

Hansen continued "When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps."

In short - nothing is off limits to malware using this exploit.  Beyond stealing funds, Promon also claims they're able to listen to users through the infected phones microphone, read and send texts, and access all their private photos.

An update that closes this security hole is expected soon. 

Until then, the quickest way to make sure your safe is to retain the data needed to access your wallet later, and uninstall it for now.  If the wallet app isn't here, it can't be exploited. Just make sure you have everything you need to restore it, typically a login and a longer secret phrase.

Also remain off any websites that could potentially install malware, you know exactly which ones we're talking about. Not just the ones you wouldn't visit from the office, but sites with seemingly harmless things like free MP3s or TV shows as well.

-------
Author: Ross Davis
E-Mail: Ross@GlobalCryptoPress.com Twitter:@RossFM
San Francisco News Desk