In a statement posted on the wallet’s website, Paul Sokolov, CEO of Guarda Wallet, described the wallet’s recent security breach. The breach took place last week in the Guarda web wallet, and it is not yet clear how much of users’ assets has been stolen.
According to digital currency reports and the statement on the Guarda website, the attack was carried out by hacking into GoDaddy, a hosting provider. GoDaddy is a well-known provider of hosting and domain services, which is also used by many other digital currency operators. By gaining control of Guarda’s account at GoDaddy, the hackers reportedly managed to modify the existing DNS and send users to a fake login page.
Sokolov states that on the morning of December 30, 2020, two-factor authentication on their GoDaddy account was disabled. GoDaddy’s data also shows that no one had logged in to the Guarda account on the website beforehand. After disabling two-factor authentication, the hackers changed the phone number, email address and password (PIN) of the account. Sokolov said in a video release that the last login to the Guarda account at GoDaddy before two-factor authentication was removed was on December 2 (December 4).
He added that after the hackers took control of Guarda’s account at GoDaddy, the addresses for “Guarda.con” and “Guarda.com” were changed. As a result, users were redirected to a page that looked exactly like the Guarda homepage. In this way, a number of users provided their information to the hackers.
Sokolov said that after learning of the security breach, they immediately told users through all their communication channels, such as Facebook, Telegram and Twitter, not to use Guarda until further notice. He writes:
Within 30 minutes, all the required documents were sent to GoDaddy to restore access to Guarda’s account. I [Sokolov] was also talking on the phone with GoDaddy’s support, begging them to keep the domain inactive, at least as long as they process our request. Unfortunately, we did not receive any help or solutions from GoDaddy’s team.
Sokolov wrote in another part of the statement that he had informed the Estonian Cyber Police to assist them in the investigation. He writes:
While we were waiting for GoDaddy’s response, we tried to block the hackers’ access through Cloudflare, which turned out to be syncing the domain with their own Cloudflare. Thanks to our engineers, we were able to slow down the fake website and prevent it from operating. Almost 90% of the time (since Guarda was notified), access to this fake website was not possible.
Sokolov says that about 10 hours after learning of the incident, they regained access to their domain at GoDaddy and immediately set up their DNS on it. After ensuring the smooth operation of the website, Guarda resumed its activities, and the wallet announced the news on its social media accounts.
Guarda has stated that people who have lost funds due to this security breach should notify support by submitting a ticket.
Users are required to indicate in their ticket the addresses, the amounts of currency transferred and the hashes of the transactions in question. Users should also state clearly in their message that they have no objection to their information being shared with the police.
Guarda has stated that it does not yet have exact information on how much of users’ funds has been stolen. It should not be forgotten that this security breach did not originate from Guarda itself: the hackers, by accessing Guarda’s domain information, redirected users to a fake page.