BlockFi Suffers Data Breach, Funds Remain Safe

Wednesday, 20/05/2020 | 06:37 GMT by Arnab Shome
  • The breach happened using the classic SIM port hacking technique.

BlockFi, a popular cryptocurrency lending platform, informed its customers on Tuesday that it had suffered a “temporary” data breach, putting some clients’ data at risk.

The breach happened on May 14 and, according to the exchange, lasted for over an hour before the root cause of the unauthorized intrusion was found and the intrusion was stopped.

The platform also stressed that no critical customer data, including funds, was compromised.

“BlockFi was able to confirm that no funds, passwords, social security numbers, tax identification numbers, passports, licenses, bank account information, nor similar non-public identification information was exposed as a result of this incident,” the official announcement detailed.

The compromised data includes the customer name, email, date of birth, and physical address linked to the accounts, along with all transaction information.

Zac Prince, the platform’s CEO, also confirmed that the breach impacted fewer than half of its retail clients and that no institutional clients were affected.

A classic hack

The official notice detailed that the perpetrators compromised the phone of a BlockFi employee to gain access to a portion of the platform’s “encrypted” back-office system. This is a classic example of a SIM port hack, which exploits a weakness at the cell phone carrier.

“Based on the unauthorized third party’s actions, it appears that the perpetrator attempted to make unauthorized withdrawals of client funds using the BlockFi platform, but was unsuccessful in doing so,” BlockFi stated.

“However, the unauthorized third party was able to access BlockFi client information typically used by BlockFi for retail marketing purposes throughout the duration of this incident.”

In response to the breach, BlockFi has tightened its security measures, including limiting employee access to customer information, applying security updates to employee mobile phones, enhancing security audits, and upgrading its incident response trigger protocol.

“We are constantly reviewing and improving our systems and security processes and will be accelerating efforts in a number of areas as a result of this activity,” the company stated. “In addition to ongoing development of our systems, we are actively researching options for us to contribute to the Cybersecurity efforts of the cryptocurrency industry more broadly.”

About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.