Cybersecurity Incident Exposes Customer Data of Crypto Companies FTX, Genesis, and BlockFi via Third-Party Agent
Crypto News – Kroll, a critical data aggregator entrusted with gathering customer claims on behalf of insolvent corporations, has fallen victim to a significant ‘cybersecurity incident.’
As a consequence of the breach at Kroll, a third-party entity responsible for overseeing creditor claims for distressed businesses, the personal data of clients associated with bankrupt entities such as FTX, Genesis—a cryptocurrency exchange—and BlockFi—a lending platform—has been exposed.
It’s worth noting that sensitive information such as passwords for cryptocurrency accounts remained untouched. However, clients have been duly cautioned regarding the potential for fraudulent activities where scammers might attempt to exploit the bankruptcy proceedings. Notably, both Genesis and CoinDesk share the same parent company, Digital Currency Group.
According to BlockFi’s official statement via Twitter, an “unauthorized third party” managed to infiltrate and access specific client data linked to BlockFi, which was stored on Kroll’s platform. FTX, on the other hand, indicated that they were closely monitoring the unfolding situation.
While the internal systems of the aforementioned crypto enterprises remain uncompromised, the incident has evoked concerns about the possible exploitation of the accessed personal data by malicious actors. These actors might endeavor to extract even more valuable details, such as seed phrases or passwords.
Kroll, which, regrettably, did not furnish a timely response to CoinDesk’s request for comment, serves as a bankruptcy service provider for a wide spectrum of companies, extending beyond the cryptocurrency sector. Notably, Kroll’s official website also showcases its cybersecurity consultancy prowess, boasting a team of “elite cyber risk leaders” with a unique capacity to deliver comprehensive global cybersecurity services.
In an official statement posted on its platforms pertaining to the ongoing bankruptcy cases of FTX and Genesis, Kroll revealed that the breach originated from a SIM-swapping attack directed at one of its staff members. Through this attack vector, the hacker managed to access digital files containing sensitive customer data, including names, addresses, email addresses, and the size of their respective claims.
Both FTX and BlockFi initiated bankruptcy proceedings in the preceding year, triggered by a leak of FTX’s balance sheet details via CoinDesk. Currently, both companies are navigating intricate legal processes to facilitate the liquidation process and the eventual restitution of funds to their creditors. This week, during a court session in Delaware, it was disclosed that the estate is incurring daily legal expenses of $1.5 million.
1 Comment