FTX, Genesis, BlockFi customer details at risk following data breach
Third party breach following SIM-swapping attack puts users at risk
As if FTX creditors don’t have enough on their plate, now they have to combat inevitable phishing attacks that will come following the recent data breach at Kroll.
Kroll, a financial firm that handles bankruptcy claims for insolvent crypto businesses FTX, BlockFi, and Genesis, confirmed that a threat actor managed to compromise an account belonging to one of its employees and use it to steal certain data on a limited number of users.
FTX and BlockFi posted a message on Twitter, saying the attack resulted in the theft of “limited, non-sensitive customer data of specific claimants.”
Phishing season
Apparently, the attacker managed to SIM-swap one of Kroll’s employees’ T-Mobile accounts and use it to move past the multifactor authentication (MFA) security protocol and enter the company’s systems. Once inside, they stole things like full names, postal addresses, email addresses, and debtor claim details, of an unknown number of creditors.
Multiple crypto businesses went bust in 2022, losing billions of dollars worth of cryptocurrencies of people who used their services. Some of these companies are now in the middle of their bankruptcy proceedings.
Kroll said it would notify affected individuals directly. The breach has since been contained, it was added.
While the attackers may have been pushed out, the damage has been done. Some people have already taken to social media to warn about phishing emails they received. In most cases, the attackers are impersonating FTX and telling the victims that crypto asset withdrawal has been re-enabled. The goal of the campaign, however, is to trick the victims into giving away whatever cryptocurrencies they had left elsewhere.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Finally, a spokesperson for Kroll told the publication that there is no evidence the attacker managed to move laterally to other user accounts or systems. The attack was limited to these three companies.
- Check out the best firewalls right now
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.