Cryptocurrency exchange Liquid has confirmed that it has been hacked, and an investigation into the incident remains ongoing.
“Ultimately, they [the hacker] were able to partially compromise the exchange’s infrastructure and access stored documents,” said Mike Kayamori, CEO of Liquid. The sensitive user data in those documents include names, emails, and security credentials that could later be used to steal user assets and identities.
The company tweeted that it successfully contained the attack, reasserted control of the domain, and performed a full infrastructure review — allowing it to confirm that all client funds are “accounted for, and remain safe.”
In the wake of the attack, Liquid recommended that its users change their passwords and 2FA credentials and be on the lookout for phishing attempts to use their data. A few commentators on Twitter questioned the delay in alerting users and noted that the exchange continued to list new tokens in the week following the hack.
— Liquid Global Official (@Liquid_Global) November 17, 2020
Founded in 2014, Liquid is the 25th largest crypto exchange by volume, with offices in Japan, Singapore, and the United States.
For his part, Kayamori apologized “deeply for this humbling data breach” and was quick to assure users that the company would be “better and stronger” in the future. An investigation into whether or not KYC data was also compromised remains ongoing.