FTX, BlockFi, and Genesis Users’ Data Compromised in SIM Swap Attack

Bankrupt crypto exchange FTX, and insolvent digital asset lenders BlockFi and Genesis have come under a SIM swap attack leading to leaking of their customers’ data. Bankruptcy claim vendor in charge of the three companies, Kroll confirmed the incident in a statement today Friday 25 August.

Kroll explained that the “highly sophisticated SIM swapping attack” targeted the T-Mobile mobile network account of one of its employees, leading to the data leakage.

“As a result [of the attack], it appears the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis,” Kroll stated in the statement, adding that it acted immediately “to secure the three affected accounts.”

A SIM swapping attack is an attack on a mobile network user in which the attacker gets the mobile network company to redirect a victim’s sim card to one they control. Once they take over, they can use the SIM card to do many things, including hijacking bank accounts etc.

Kroll further stated that it had already informed all affected customers of the three companies by email, since their SIM cards have been compromised. The firm also said that it had notified the US Federal Bureau of Investigation (FBI) and “a full investigation is underway.”

Hopefully, no other Kroll account has come under the attack at this time. “We have no evidence to suggest other Kroll systems or accounts were impacted,” Kroll added.

Not a Serious Attack for FTX

Both FTX and BlockFi have responded to Kroll’s statement in separate tweets. In a series of tweets with screenshots of BlockFi’s update on the issue, the company said that BlockFi’s internal systems and client funds were not impacted.

It also confirmed that it never stored account passwords on Kroll’s platform, and while its users need not take any actions on their accounts, it was notifying them to take measures to protect themselves.

While FTX also confirmed the incident, it stated that it wasn’t serious as the compromised information was just non-sensitive customer data of some claimants.

“FTX account passwords were not maintained by Kroll, and FTX’s own systems were not affected,” the cryptocurrency exchange said, adding that it is “closely monitoring the situation.” Furthermore, FTX urged its customers to “remain on high alert for attempted fraud and scam emails impersonating parties in the bankruptcy.”

FTX collapsed last year in November and the case is still pending, with its CEO Sam-Bankman Fried in prison custody ahead of his trial. Before now, there were reports of of FTX users getting password reset emails, allegedly from FTX official customer support email address.

Meanwhile, BlockFI further stated that there is likely to be an increase in “phishing attempts and spam phone calls,” in the coming weeks. It also warned its users to never fall for any such attempts, as “BlockFi and Kroll will never call, email, or text you to ask you for your personal information.”

Attacks on Crypto Companies

Attacks such as SIM swapping, hacks, and phishing attacks are quite common in the crypto industry. In recent times, this has been on the increase, and may not be slowing down in the near future.

It is therefore advisable to be vigilant and never give out sensitive information to people claiming to be customers support as this is what attackers do.

Leave a Reply

Your email address will not be published. Required fields are marked *