BlockFi’s Data Breach May Allow Criminals to Extort Rich Clients

Published at: May 19, 2020

Crypto lending provider BlockFi reported on Tuesday that it suffered a data breach that may put some of its clients in physical danger.

According to its incident report, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees.

The attackers successfully stole the email account and phone number used for the employee's account verification procedure, which allowed them to access BlockFi’s records.

SIM swapping attacks are the result of network operator vulnerabilities and are usually performed through co-conspirators with access to the phone network’s equipment, though external intrusion techniques are also possible. This type of attack was the culprit behind several high-profile exchange thefts, but such attacks usually target the clients themselves.

The attackers allegedly attempted to withdraw customer funds directly, but the attempts were unsuccessful, BlockFi says.

Nevertheless, the attackers had full access to customer data used as part of BlockFi’s marketing efforts. 

The company stressed that no “non-public identification information” was leaked, which would include bank account numbers, passwords or social security numbers.

However, the hackers did obtain access to the customers’ full names, email addresses, dates of birth and, notably, activity information and physical addresses.

Can the victims be physically extorted?

BlockFi asserts that no threat to customers’ BlockFi funds exists, writing, “Due to the nature of the information that was leaked, we do not believe there is any immediate risk to BlockFi clients or company funds.”

However, home address and activity data may expose the affected users to extortion and physical theft.

BlockFi did not disclose what kind of activity data was included in these databases and has declined to answer Cointelegraph’s query on the subject, referring to the incident report for all information.

An unnamed spokesperson only added that “we have not received further indications that the unauthorized third party has tampered with the information that was accessed at this time.”

Nevertheless, it is easy to believe that simply reading the activity data would allow attackers to know the size of the client’s account and collateral pledges. This kind of data is crucial for any directed marketing campaign.

Furthermore, BlockFi’s privacy policy explicitly states that this information is available for marketing usage:

“We may use your personal information and information about how you use our services to send promotional and other information to you. We also may use your personal information to conduct analysis regarding your usage of our services and products and the effectiveness of our marketing initiatives.”

The connection between the home address, the customers’ activity on the platform and their identification data could allow criminals to precisely target the victims of this attack to extort them out of their cryptocurrency.

This kind of theft is not unheard of, as a Singaporean man was reportedly kidnapped in January and forced to transfer the cryptocurrency in his possession.

Similar cases were reported in 2017, notably the kidnapping of the director of the crypto exchange Exmo in Ukraine. India was also reported to have several such cases that year.

The case for anonymous finance

An Ethereum core developer used the occasion to praise the anonymity of blockchain-based decentralized finance, saying “will naysayers finally start to understand the point of DeFi on Ethereum?”

While DeFi carries a different set of risks, the consequences of data breaches on centralized platforms that hold Know Your Customer data could be catastrophic.
