Liqui.io is a cryptocurrency exchange based out of Kiev, Ukraine. Earlier today, users reported a Ukranian IP had logged in and emptied their accounts. The reports came from the ethtrader subreddit and from the exchange’s trollbox. According to the exchange, someone is trying to brute force users’ accounts and 2FA should be activated immediately.
A few hours after a user posted a reddit thread claiming 3.5 Bitcoins have just disappeared from his Liqui account, the exchange posted the following tweet:
According to this tweet, it doesn’t seem that the exchange operators believe their platform was hacked. However, half a dozen more users confirmed the allegations and specified that login attempts have been made from a Ukranian IP (109.86.17.145). One user said:
“Don’t hold anything in my liqui account but just logged in and see there were several failed login attempts yesterday from 109.86.17.145 (Ukraine) and several more attempts earlier in July, starting July 1st from IPs in Brazil & Vietnam. 9 failed login attempts in total, none of them from me. I have 2FA enabled so looks like it has saved my bacon.” –jesusthatsgreat
Another user found an abuse mailbox for that ip range, which is abuse@triolan.com.ua
. So if you have a Liqui.io account and noticed failed or successful logins from that IP address it would be a good idea to send an email to the above address.If the perpetrator was smart enough, he used a VPN. However, if the criminal cracked users’ accounts from his home IP address, it is only a matter of time until his identity is revealed. Because the IP address used to login happened to be located in the same city / country as the exchange, many speculate that it may be an inside job. Taking one quick look at Liqui’s trollbox, it is evident that users are displeased with the situation.
It looks like, this was an attack targeted at the exchange. According to Andrew from Liqui:
“Someone trying to brute force users accounts. Usual routine for every exchange. Users should use unique passwords and enabled 2fa.”
While the platform should have had anti brute force countermeasures in place, it is also the users’ responsibility to secure their accounts with 2FA, especially if they hold significant balances. However, hindsight is always 20/20, so if you haven’t yet make sure to turn on 2FA.
The Next Big Crypto Projects: Why You Should Add Web3Bay, Solana, & Tron to Your…
Imagine securing a stake in the next big cryptocurrency before it skyrockets. A chance investors…
Ripple (XRP) has certainly been around the crypto market long enough for anyone to have…
Master Your Crypto Portfolio: Leading Decentralized Wallets for Maximum Control & Earnings in 2025 With…
The crypto market is typical of sudden changes in fortune and price drops. That has…
The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…