Customer
data of bankrupt crypto exchange, FTX, and insolvent digital asset lenders
BlockFi and Genesis, were exposed earlier this month, Kroll, the vendor responsible
for overseeing creditor claims for the insolvent businesses, confirmed
today (Friday).
In a
statement, Kroll explained that the hack was the result of a “highly
sophisticated SIM swapping attack” targeted at the T-Mobile US account of one
of its employees. T-Mobile is a mobile network operator.
A SIM
swapping attack is a type of phone fraud in which a hacker deceives a mobile
service provider into redirecting their target’s phone number to a SIM card
they control. This grants the hacker access to the victim’s incoming text
messages and calls, including those used for two-factor authentication (2FA).
“As a
result (of the attack), it appears the threat actor gained access to certain
files containing personal information of bankruptcy claimants in the matters of
BlockFi, FTX and Genesis,” Kroll stated in the statement, adding that it acted
immediately “to secure the three affected accounts.”
The bankruptcy
claims vendor added that it had informed affected customers of
the attack via email. In addition, the firm, which is also a prominent risk and
financial advisory solutions provider, said it is cooperating with the US
Federal Bureau of Investigation (FBI) and “a full investigation is underway.”
“We have no
evidence to suggest other Kroll systems or accounts were impacted,” Kroll
added.
FTX and
BlockFi Respond
In
different posts on social media platform X (formerly known as Twitter), FTX and
BlockFi also confirmed the attack. However, FTX noted that the
information comprised was “non-sensitive” customer data of certain
claimants in its pending
bankruptcy case.
“FTX
account passwords were not maintained by Kroll, and FTX’s own systems were not
affected,” the cryptocurrency exchange said, adding that it is “closely
monitoring the situation.” Furthermore, FTX urged its customers to
“remain on high alert for attempted fraud and scam emails impersonating parties
in the bankruptcy.”
(1/3) FTX learned that Kroll, the claims agent in the bankruptcy, experienced a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case.
— FTX (@FTX_Official) August 25, 2023
The incident comes over
a month after Finance Magnates reported that several users of FTX could
be facing a phishing attack. The users at the time were receiving suspicious
password reset emails from the exchange’s official customer support email,
support@ftx.com.
Meanwhile, in its post on X,
BlockFi emphasized that its “internal systems and client funds were not
impacted” by the SIM swapping attack. “We can also confirm that BlockFi account
passwords were never stored on Kroll’s platform,” the firm
added.
“In the
following weeks, you should expect an uptick in phishing attempts and spam
phone calls,” BlockFi further said. “BlockFi and Kroll will never
call, email, or text you to ask you for your personal information.”
Regarding recent third-party data incident: pic.twitter.com/WdezgAerLF
— BlockFi (@BlockFi) August 24, 2023
FTX, one of
the entities in Sam Bankman-Fried’s crypto empire, tumbled in November last year following a bank run triggered in part by concerns
about the solvency of the exchange’s affiliated trading firm, Alameda Research.
FTX filed for bankruptcy
protection in the
same month.
In the wake of FTX’s collapse, BlockFi
and Genesis
are among the crypto companies that similarly fell apart. Both businesses have also sought bankruptcy protection to restructure their operations.
Customer
data of bankrupt crypto exchange, FTX, and insolvent digital asset lenders
BlockFi and Genesis, were exposed earlier this month, Kroll, the vendor responsible
for overseeing creditor claims for the insolvent businesses, confirmed
today (Friday).
In a
statement, Kroll explained that the hack was the result of a “highly
sophisticated SIM swapping attack” targeted at the T-Mobile US account of one
of its employees. T-Mobile is a mobile network operator.
A SIM
swapping attack is a type of phone fraud in which a hacker deceives a mobile
service provider into redirecting their target’s phone number to a SIM card
they control. This grants the hacker access to the victim’s incoming text
messages and calls, including those used for two-factor authentication (2FA).
“As a
result (of the attack), it appears the threat actor gained access to certain
files containing personal information of bankruptcy claimants in the matters of
BlockFi, FTX and Genesis,” Kroll stated in the statement, adding that it acted
immediately “to secure the three affected accounts.”
The bankruptcy
claims vendor added that it had informed affected customers of
the attack via email. In addition, the firm, which is also a prominent risk and
financial advisory solutions provider, said it is cooperating with the US
Federal Bureau of Investigation (FBI) and “a full investigation is underway.”
“We have no
evidence to suggest other Kroll systems or accounts were impacted,” Kroll
added.
FTX and
BlockFi Respond
In
different posts on social media platform X (formerly known as Twitter), FTX and
BlockFi also confirmed the attack. However, FTX noted that the
information comprised was “non-sensitive” customer data of certain
claimants in its pending
bankruptcy case.
“FTX
account passwords were not maintained by Kroll, and FTX’s own systems were not
affected,” the cryptocurrency exchange said, adding that it is “closely
monitoring the situation.” Furthermore, FTX urged its customers to
“remain on high alert for attempted fraud and scam emails impersonating parties
in the bankruptcy.”
(1/3) FTX learned that Kroll, the claims agent in the bankruptcy, experienced a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case.
— FTX (@FTX_Official) August 25, 2023
The incident comes over
a month after Finance Magnates reported that several users of FTX could
be facing a phishing attack. The users at the time were receiving suspicious
password reset emails from the exchange’s official customer support email,
support@ftx.com.
Meanwhile, in its post on X,
BlockFi emphasized that its “internal systems and client funds were not
impacted” by the SIM swapping attack. “We can also confirm that BlockFi account
passwords were never stored on Kroll’s platform,” the firm
added.
“In the
following weeks, you should expect an uptick in phishing attempts and spam
phone calls,” BlockFi further said. “BlockFi and Kroll will never
call, email, or text you to ask you for your personal information.”
Regarding recent third-party data incident: pic.twitter.com/WdezgAerLF
— BlockFi (@BlockFi) August 24, 2023
FTX, one of
the entities in Sam Bankman-Fried’s crypto empire, tumbled in November last year following a bank run triggered in part by concerns
about the solvency of the exchange’s affiliated trading firm, Alameda Research.
FTX filed for bankruptcy
protection in the
same month.
In the wake of FTX’s collapse, BlockFi
and Genesis
are among the crypto companies that similarly fell apart. Both businesses have also sought bankruptcy protection to restructure their operations.