On December 30, 2020, the Guarda multicurrency non-custodial wallet was attacked with DNS records substitution. The project team blames GoDaddy hosting for the incident.
According to representatives of Guarda, GoDaddy employees have transferred control over the account and domains [guarda.co and guarda.com ] to the attackers, which allowed the latter to redirect users to a fake wallet backup download page.
Guarda asked GoDaddy to suspend the operation of domains until access is restored, but this never happened. The project engineers tried to slow down the phishing site. According to them, 90% of the time during which the domains were under the control of intruders, the phishing form was unavailable.
Guarda cooperates with the Estonian police. The project is considering filing a class action lawsuit against GoDaddy and refers to the investigation of cybersecurity specialist Brian Krebs on November 21. It says that GoDaddy employees have become victims of several phishing attacks — attackers lured their admin data to access other sites.
About 100 people submitted tickets to the support service, according to a January 4 publication by Guarda. Some of them are unhappy that they did not receive an email notification of the attack, which, in their opinion, would minimize the damage.
The attackers transferred the stolen assets to Ethereum and exchanged them for bitcoin through the decentralized Uniswap exchange. According to the project team, some funds were fixed on centralized sites.
ForkLog managed to detect some addresses to which the attackers transferred funds.
bitcoin (over 26 BTC);
Ethereum (over 200 ETH);
USDT ERC-20 (over 200 ETH).
The service has already submitted a compensation plan:
if the user has lost up to $2000, he will be refunded the full amount in bitcoin or stolen cryptocurrency. An alternative option involves agreeing to pay $4,000 in Guarda tokens with consent for a three-year westing;
if the user has lost from $2000 to $10,000, he will be refunded 50% in bitcoin or offered a double amount in tokens with consent for a three-year vesting;
if the user has lost more than $10,000, he will be refunded 20% in bitcoin or offered the equivalent of the lost amount +50% in tokens with consent for a three-year vesting.
Tokens will be issued until March 2021. The redemption will be carried out from a special fund.