Security News > 2020 > November > Crooks social-engineer GoDaddy staff into handing over control of crypto-biz domain names

Using social engineering tricks, the hackers were able to change the DNS settings of their victims' domain names, redirecting connections and mail to their own servers.

GoDaddy, the world's biggest domain-name registrar, confirmed "a small number of customer domains and/or account information" were altered after "a limited number of GoDaddy employees" were duped.

"Those customers included cryptocurrency-trading site Liquid, which last week said:"On the 13th of November 2020, a domain hosting provider, GoDaddy, that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor.

Another GoDaddy customer hit by the fraudsters was crypto-mining outfit NiceHash, which last week said "As a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed." Attempts to take back control of their systems were hampered by an unrelated outage GoDaddy was suffering at the time.

GoDaddy declined to explain exactly how the hijackings occurred nor share any details on how it will prevent such a thing from happening again.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/23/godaddy_dns_hijack/