Internal threats: GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

by Kymatio

Cybercriminals redirected email and web traffic destined for various cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees of GoDaddy, the world's largest domain name registrar.

The Incident
Cybercriminals have redirected email and web traffic from several cryptocurrency trading platforms in a series of attacks facilitated by scams targeting GoDaddy employees. GoDaddy, the world’s largest domain registrar, has faced similar incidents in the past year where employees were tricked into transferring domain control to attackers.

Previous cases include:

  • March 2020: Voice phishing enabled attackers to take over at least six domains, including escrow.com.
  • May 2020: GoDaddy disclosed that 28,000 hosting accounts were compromised in an incident dating back to October 2019.

Latest Attack
The most recent campaign appears to have begun around November 13, starting with the cryptocurrency platform liquid.com. GoDaddy has not revealed how its employees were deceived, but earlier attacks show that phone-based scams and attackers reading internal account notes played a role.

Rise of Voice Phishing (Vishing)
Experts have reported a significant increase in vishing (voice-based phishing), particularly affecting large corporations during the COVID-19 pandemic, as remote work has weakened verification processes.

Typical Vishing Tactics:

  1. Attackers make repeated calls to remote employees, posing as IT support.
  2. They claim to be fixing email or VPN issues.
  3. The goal is to extract login credentials over the phone or trick victims into entering them into fake portals mimicking corporate systems.

High-Profile Parallel
On July 15, 2020, several high-profile Twitter accounts were hijacked for a Bitcoin scam that generated over $100,000 within hours. Twitter confirmed that attackers socially engineered employees over the phone to gain access to internal tools.

Reconnaissance Methods
The FBI and CISA warn that vishing perpetrators gather target employee data through:

  • Scraping public social media profiles.
  • Using recruiting and marketing databases.
  • Background check services.
  • Open-source research.

Key Takeaway
These incidents underline that human factors remain one of the most exploited vulnerabilities. Even the most secure infrastructure can be undermined if attackers successfully manipulate employees.

Action Point
Organizations must train staff to detect and resist vishing, verify all unusual IT requests via official channels, and implement strict internal protocols for sensitive account changes.
