FTX, BlockFi and Genesis suffer Data Breach After Kroll’s SIM Swap Incident

Three cryptocurrency firms — FTX, BlockFi, and Genesis — encountered data breaches following a SIM-swapping assault directed at Kroll, a risk and financial advisory company.

🚨🚨🚨🚨

ATTENTION #FTX customers all your data has being compromised by a hack made to Kroll the FTX Bankruptcy agent

do NOT click any links or open emails asking for your details just got this email.#BTC #ETH #crypto #cryptocurrency #CryptoNews #FTT #SCAM #scammers pic.twitter.com/MXiXlToo47

— Calc My Crypto (@CalcMyCrypto) August 25, 2023

What happened?

Kroll revealed in a recent statement that on August 19, it became aware of a highly sophisticated attack where a cybercriminal utilized SIM swapping to transfer control of an employee’s T-Mobile number to their own SIM card. 

Subsequently, the attacker used the compromised phone number to gain entry to systems containing the personal data of individuals making bankruptcy claims in the cases of FTX, BlockFi, and Genesis.

In response to this incident, Kroll promptly secured the affected accounts of its three clients and informed the impacted individuals via email. 

The company stressed that it’s collaborating with the FBI, and a comprehensive investigation is underway. Kroll affirmed that there’s no evidence of other systems or accounts being compromised.

Did we get any prompt from the Crypto firms?

FTX, in its communications to customers, disclosed that the intruder accessed files containing details such as names, addresses, email addresses, and FTX account balances. 

It clarified that Kroll does not store FTX account passwords, and the security of FTX systems and digital assets remains intact. 

Customers were cautioned to stay vigilant against fraudulent attempts masquerading as parties linked to the bankruptcy process.

In response to Kroll’s cybersecurity incident, FTX has taken the precautionary measure of temporarily freezing affected user accounts within the customer claims portal. We thank you for your patience, and will provide additional information regarding next steps in due course.

— FTX (@FTX_Official) August 25, 2023

Following the notifications by Kroll and the cryptocurrency firms, reports surfaced of FTX users receiving phishing emails falsely claiming eligibility for withdrawing funds from their FTX accounts.

Genesis also informed its customers that their personal information, including names, addresses, email addresses, and claims against Genesis debtors, had been compromised in the Kroll breach. The company alerted customers to the potential misuse of this information for phishing scams and other fraudulent activities.

If Genesis creditors weren't screwed enough, their data was stolen due to a security breach suffered by Kroll. Of course, T-Mobile was part of it (terrible at preventing sim-swaps), but still, I wouldn't let Kroll off the hook for having so much data accessible by a sim-swap. pic.twitter.com/D3GMXkUD1N

— Rob Mitchell (@TheBTCGame) August 25, 2023

BlockFi also released a statement, cautioning its customers about the likelihood of increased phishing efforts and unsolicited phone calls due to the incident.

Regarding recent third-party data incident: pic.twitter.com/WdezgAerLF

— BlockFi (@BlockFi) August 24, 2023

Don’t think, act to be safe!

The aftermath of these data breaches and the SIM swapping attack is a reminder of the evolving threats. 

In response, businesses in the cryptocurrency sector must remain proactive in enhancing their security measures, such as multi-factor authentication and employee training, to fight such attacks. 

Also, collaborations between companies, advisory firms like Kroll, and law enforcement agencies are essential to detect, mitigate, and investigate such incidents promptly.