Adam Cochran, a crypto analyst and professor, experienced an attempt to hijack his domain name, Cochran.io, by hackers seeking to gain access to his personal cryptocurrency wallets.
The domain’s DNS records were temporarily changed by the perpetrators, who allegedly managed to fool GoDaddy support.
According to Cochran, the social engineering attempt was successful, leading to changes that switched MX records for several hours.
Said Adam Cochran:
The hijacker managed to redirect my email DNS for a few hours, and I imagine tried to reset passwords on crypto sites.
Still, when I called in to GoDaddy support, I had to verify a customer number, a pin and a hardware 2FA ID.
The hijacker did none of that.
They didn’t even access my account.
Customer service MADE THE CHANGE FOR THEM!
Since the incident on December 28th, Adam Cochran’s domain name was swiftly transferred to Namecheap; Cochran alleges that he’s been made aware of other incidents affecting crypto industry people who faced similar attempts at GoDaddy:
Since posting I’ve heard from >12 other crypto people that had DNS hijacked on @GoDaddy – all of them were either public figures or used their custom email domain when buying a @Ledger & were hit in the leak
Most recent one happened <8 hrs ago
This hasn’t been plugged.
Cochran was referring to the July 2020 data leak at Ledger, a cryptocurrency wallet solutions provider. That leak was addressed again earlier this week by the Ledger.com CEO.
Hopefully GoDaddy is investigating the incident in order to end such social engineering attempts to perform unauthorized changes to domains with the registrar.