<img height="1" width="1" style="display:none" src="https://q.quora.com/_/ad/f36e97ab990e4ac69c2734d14b05a7cc/pixel?tag=ViewContent&amp;noscript=1">

Blog > Announcements > Articles

Security Incident on November 13, 2020

Dear Liquid customers,
security notice

Table of Contents

Dear Liquid customers,

This is Mike Kayamori, CEO of Liquid.

Today, I wanted to personally inform you of a recent security incident and data breach that affected Liquid.

What happened?

On the 13th of November 2020, a domain hosting provider "GoDaddy" that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.

What have we done, and what will we do?

After detecting the intruder we intercepted and contained the attack. Immediate action was taken to prevent further intrusions and to mitigate risk to customer accounts and assets. Before notifying customers we wanted to be sure that we understood the situation and its possible impact to you.

Having contained the attack, reasserted control of the domain, and performed a comprehensive review of our infrastructure, we can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised.

We have informed relevant regulatory bodies of the breach and we will continue dialogue with them over the coming days.

We will continue to review our infrastructure and take steps to bolster security with our technology partners.

What personal information may have been accessed?

We believe the malicious actor was able to obtain personal information from our user database.  This may include data such as your email, name, address and encrypted password. 

We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded.

What are the potential consequences?

When a malicious actor obtains your personal information, there is an increased risk of identity theft.

It is also possible that you may experience an increase in spam email and phishing attempts.  Phishing attempts may be more sophisticated and difficult to detect when a malicious actor has access to your personal information. 

What you should do

We do not believe there is an immediate threat to your account due to our use of strong password encryption. Nevertheless, we recommend that all Liquid customers change their password and 2FA credentials at the earliest convenience.  More detailed instructions are published via Liquid Help Center.

Visit Help Center

If you are unable to change your password or 2FA please contact our Customer Champions on support@liquid.com for assistance.  

Contact Support

Remain vigilant

As a precautionary measure and consistent with ordinary good practices, we recommend that you remain vigilant by reviewing your financial account statements and credit reports closely, using a password manager to update your passwords frequently, and exercising caution with any emails that ask you to provide any personal information.  If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained.

You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities.

Additional Information

For further information and assistance in connection with your personal data, please contact privacy@liquid.com

We are extremely embarrassed at this compromise of personal information that commenced with a breach external to Liquid. We have always taken pride in our security of client data & assets to date, and this incident will encourage Liquid more than ever to raise the bar. 

Once again, I apologize deeply for this humbling data breach and the loss of confidence that you may have. I assure you that we will be better and stronger and appreciate your continued support of Liquid.

Mike Kayamori

Co-founder CEO

Liquid Group

Share this article

  • Share on Twitter
  • Share on Facebook
  • Share on LinkedIN
  • Share on Telegram
  • Share Link

Related Articles

September 24, 2021

QASH Blog Update 9/2021

Here is our monthly QASH/LQT update to keep you informed on the recent developments of the QASH/LQT and Liquid chain....
January 31, 2022

QASH Blog Update 01/2022

Here is an update on our QASH burning schedule. So far, we’ve burned 328,175,520.00 QASH since the 31st of August,...
October 8, 2021

QASH Blog Update 10/2021

As part of our QASH initiative, moving into the last quarter of 2021, we will be burning 50% of QASH tokens generated...