
Hackers steal from Guarda Wallet users after taking control of its domain
On December 30, 2020, the multi-currency non-custodial wallet Guarda suffered an attack involving DNS-record tampering. The project team blames GoDaddy, the hosting provider.
The official statement regarding the security incident on December 30, 2020, https://t.co/wGFJ6YeD0Z
— Guarda (@GuardaWallet) January 2, 2021
According to Guarda representatives, GoDaddy staff handed over control of the account and the domains [guarda.co and guarda.com] to the attackers, allowing them to redirect users to a fake wallet backup download page.
Guarda asked GoDaddy to suspend the domains until access was restored, but this did not happen. The project’s engineers attempted to slow down the phishing site. According to them, the phishing form was unavailable for 90% of the time the domains were under the attackers’ control.
Guarda is cooperating with the Estonian police. The project is considering filing a class-action lawsuit against GoDaddy and cites an investigation by cybersecurity expert Brian Krebs from November 21. According to that investigation, GoDaddy staff fell victim to several phishing attacks, through which attackers obtained their admin credentials to access other sites.
Exclusive: Fraudsters changed the email and DNS records for a number of cryptocurrency trading platforms this week, after successfully social engineering employees at GoDaddy, the world’s largest domain name registrar. https://t.co/LYCdowb71Q pic.twitter.com/vlbSPsxPwI
— briankrebs (@briankrebs) November 21, 2020
Around 100 people filed tickets with support, according to a Guarda publication from January 4. Some of them were dissatisfied that they did not receive an email notification about the attack, which, in their view, would have minimised the damage.
The attackers moved the stolen assets into Ethereum and swapped them for Bitcoin via the decentralized exchange Uniswap. Some funds, the project team says, were traced on centralized exchanges.
ForkLog managed to identify some addresses to which the attackers transferred funds:
- Bitcoin (over 26 BTC);
- Ethereum (over 200 ETH);
- USDT ERC-20 (over 200 ETH).
The service has already presented a plan to compensate for the losses:
- If a user lost up to $2,000, they will be refunded the full amount in Bitcoin or the stolen cryptocurrency. Alternatively, they can take a payment of $4,000 in Guarda tokens with three-year vesting;
- If a user lost between $2,000 and $10,000, they will be refunded 50% in Bitcoin or offered double the amount in tokens with three-year vesting;
- If a user lost more than $10,000, they will be refunded 20% in Bitcoin or offered the equivalent of the lost amount plus 50% in tokens with three-year vesting.
The tokens will be issued by March 2021; redemptions will be funded from a dedicated fund.
Earlier, we reported on the major hacks of 2020 in the cryptocurrency industry.