HubSpot hacked, putting major crypto firms at risk

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

HubSpot suffered a cyberattack that saw data belonging to a number of high-profile cryptocurrency businesses taken, the company confirmed.

In a blog post, HubSpot said that a bad actor compromised an account of one of its employees, and used it to target its customers in the cryptocurrency industry.

HubSpot claims data was exported from “fewer than 30 HubSpot portals,” and that the company notified all affected firms, terminated the account, and reworked its account privileges to make sure something like this doesn’t repeat.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Pantera, Circle, BlockFi affected

Although HubSpot did not say which companies were affected, some media managed to discover a few names. Decrypt published a letter that Pantera Capital, an American hedge fund that specializes in cryptocurrencies, sent out to its customers, which said "Pantera uses Hubspot as a client relationship management platform. The information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications,"

Pantera added that its internal systems weren’t affected, and that the threat actor didn’t access social security numbers, or government IDs belonging to its customers.

Other companies, according to the same source, include Circle, BlockFi, and NYDIG. The full extent of the breach will probably be clear in the coming days and weeks, although Decrypt believes it could be “major”.

Circle told its customers that the threat actor took client contact information, but funds, financial transaction data, and Know Your Customer (KYC) data were not taken.

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve,” HubSpot concluded.

No one has yet claimed responsibility for the attack, and we don’t know what they’ll do with the data, or how exactly HubSpot's endpoints got compromised. Chances are, they’ll try to sell it on the black market, where other threat actors might use it for stage-two attacks.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Representational image depecting cybersecurity protection
Top venture capital firm Insight Partners confirms it was hit by cyberattack
Avast cybersecurity
Zapier tells customers their data may have been accessed
Ethereum
Hackers steal over $1bn in one of the biggest crypto thefts ever
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Latest in Security
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in News
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch