In less than 90 minutes last Thursday, hackers were able to crack the BlockFi cryptocurrency lending platform system; gained unauthorized access to usernames, email addresses, dates of birth, addresses, and activity history.
In an incident report published on its website, BlockFi sought to emphasize that the hackers’ actions were recorded; so the information “can confirm that there are no funds, passwords, social security numbers, tax numbers, passports, licenses, bank accounts “and the like. Non-public identifying information. ”
According to the cryptocurrency platform, one of his employees was attacked by a criminal who attacked with a SIM card swap and stole the employee’s phone number.
Attacks on the SIM card swap generally lead to fraudsters successfully tricking mobile phone operators; allowing them to control the target phone number.
This not only means that scammers will now receive calls directed at victims. They will also receive SMS messages; which may include tokens used by certain systems that try to verify the identity of the connected user, as they say.
Attacks on SIM card swapping in recent years have become increasingly common, as a result of which many people are working together to find a more secure authentication method than tokens sent via SMS messages. Given the theft of millions of dollars in the past, cryptocurrency companies should pay special attention to this.
By monitoring BlockFi employees’ phone numbers, hackers can gain access to reset employee’s email password and access their email account; and then steal customer data and attempt to extract funds from the BlockFi clients without permission.
BlockFi said it took swift action to suspend the access rights of affected employees to prevent further abuse;and introduced “additional identity control for all BlockFi employees.”
BlockFi says it could prevent hackers from trying to attack again.
“Due to the nature of the information leak, we believe that BlockFi’s customers or the company’s funds will not face any risk immediately,” BlockFi said.