Differences between revisions 3 and 4
Revision 3 as of 2022-05-17 00:12:11
Size: 2005
Revision 4 as of 2022-05-17 00:15:03
Size: 2101
Contents

  1. Report
  2. history

As expected, the response was quick. However, it seems there is still no explanation of what happened at GoDaddy.

1. Report

May 17 · Post mortem on this weekend’s DNS event

https://spiritswap.medium.com/post-mortem-on-this-weekends-dns-event-cb61c11f5c2f

Prologue

Firstly, SpiritSwap would like to express gratitude to the community and those who reached out to offer their support over this challenging period. A special acknowledgement to the team at Yield Monitor as they have shown great interest in assisting us and offered valuable resources to remedy the issue. SpiritSwap would also like to extend apologies to those who did not see or were unaware of the social media postings and warning messages in time and subsequently ended up losing money from this attack. There is a compensation plan in place and an intent to make this whole, read on for details.

2. history

The events that unfolded based on our analysis at this time

At this time and until more data is provided from GoDaddy’s end, it is the team’s understanding that the attacker contacted GoDaddy and began to socially engineer one of their employees in order to gain access to SpiritSwap’s account.

How the attacker managed to get any personal details is unknown to us, 
however, given the doxxed team, 
it’s not hard to see that a motivated individual could connect the dots and formulate a plan.

This is the unfortunate downside of being publicly known.

GoDaddy are yet to respond in full to requests for all logging data 
relating to our account and how changes were made, 
so until they provide information to support the contrary, 
and from the logging data the team have available on the SpiritSwap account, 
the team believe the attacker posed as one of the team, 
pretending to have lost login details and 
was subsequently granted access to the account by GoDaddy.



MoinQ: DNS/乗取/SpiritSwap/post_mortem (last edited 2022-05-23 02:48:20 by ToshinoriMaeno)