The US company BlockFi, which specializes in crypto loans manages more than 500 million US dollars in various cryptocurrencies. Many investors also entrust with their Bitcoin and other cryptocurrencies in order to collect attractive interest. But now the news is startling that BlockFi has been targeted by cybercriminals.
As reports, attackers managed to hijack an employee’s cell phone using a SIM swap. This left access to the BlockFi back office to hackers for more than an hour. However, no sensitive customer data such as credit card information has been stolen and attempts to transfer funds from BlockFi to third party accounts have failed. BlockFi’s community has expressed disappointment at the lack of prompt and detailed disclosure regarding the data breach as the announcement came four days after the hacking attempt.
Background To The Attack On BlockFi
BlockFi admits that the hackers entered the internal system. Customer data was used for marketing, including details of name, email address, home address and activity log. With this information, it is normally not possible to carry out monetary actions, since passwords or other identification methods are also required. According to BlockFi, the attack was quickly recognized and a second attempt was already prevented. As immediate measures, access rights to employees and internal systems were restricted and their cell phones were provided with a security update.
Advises That Accounts Must Be Secured With Two Factor Authentication
2FA should be handled better via an authentication app. Those who do without 2FA run the risk of losing control of their account by simply clicking on ‘forgot password’. Because if they control an e-mail account, they can quickly be successful without 2FA.
As a second security measure, BlockFi recommends activating whitelisting. This means that wallet addresses are only activated for withdrawals after 3 days, so that in the worst case scenario, customers have more time to react to suspicious actions and prevent their funds from running out.