On May 14, BlockFi, one of the most recognized cryptocurrency lending companies, suffered a data breach that exposed important and sensitive information about the company's customers and could put them in physical danger of kidnapping and extortion.
The temporary data breach suffered by the BlockFi platform on May 14 allowed cybercriminals to extract important data about several of the platform's clients. This could endanger users' lives by lending itself to cases of extortion and kidnapping.
BlockFi announced this in a report. The company recently issued a statement explaining everything that happened and how it acted quickly in the face of the cybercriminals' intrusion, completely closing off unauthorized access to the platform. The company also reported that new security measures are already being implemented to prevent this type of incident from happening again in the future.
The report explains that the unauthorized access to the platform was carried out through a SIM attack. One BlockFi employee had his phone hacked, allowing cybercriminals to use his personal information and number to access the platform.
From his phone number, the cybercriminals managed to obtain his email account and then used his personal number to receive the verification codes for that user account. Thus, they were able to successfully access the BlockFi platform. The report also states that the cybercriminals attempted to withdraw funds from several customers, but the attempts were unsuccessful.
However, the attackers did manage to gain access to customers' personal information and data, although BlockFi claims that non-public information could not be stolen during the data breach either. That is, the cybercriminals were not able to obtain data such as account access passwords, social security numbers, identification numbers, passports or licenses, bank account information, or other similar data.
BlockFi attack: a potential risk for users
In the report presented, the crypto lending company BlockFi indicates that there is no danger to the funds within the platform. However, there is a possibility that customers may become victims of extortion or physical robbery, since their names and residential addresses were extracted during the attack.
Other leaked user information concerns the activities users perform, which cybercriminals can use as a basis to discover or estimate the amount of funds each client handles or the size of their accounts.
However, an unnamed company spokesperson gave the following assurance:
"We have received no further indication that an unauthorized third party has altered the information accessed at this time."
He also stressed that the stolen customer information is part of the company's marketing campaigns, which allow it to send notifications and promotions to each customer based on their interests.
“We may use your personal information and information about how you use our services to send you promotional and other information. We may also use your personal information to perform analysis regarding your use of our services and products and the effectiveness of our marketing initiatives,” states the company's privacy policy.
What is a SIM Swap Attack?
One of the most common and widely used attack techniques today is the SIM swap, also known as a mobile phone SIM card swapping attack. This attack consists of duplicating a person's SIM card through an authorized agent. For this purpose, the personal data of that person is used, such as full names, identification documents, address and telephone number.
With this information, the cybercriminal can take on another identity, impersonate the victim and request a duplicate SIM card. And although this process is generally quite safe and reliable for authorized agents, we must not overlook the power of persuasion that these criminals can have.
With this action, the actors behind the data breach at BlockFi were able to take over the phone number of one of the employees and, with it, obtain the private access information for his account on the platform. Therefore, among the lending company's recommendations to its users is to update the security levels of their accounts.
For example, BlockFi recommends using two-factor authentication (2FA) and a much more secure identity verification app, eliminating personal emails and account verification via text messages to mobile phones.
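The chain described in the report (phone number, then email account, then platform) can be checked for in an organization's own accounts by modelling each login and recovery path as a set of required factors and asking what opens for someone who holds only the SMS channel. The following is an added example, not code from BlockFi or its report; every account name and factor label in it is constructed for illustration.

```python
# Added example: all account names and factor labels are constructed.
# Each account lists its alternative login/recovery paths; a path is a set
# of factors that must ALL be held to get in.
ACCOUNTS = {
    "work_email": [
        {"email_password", "sms_code"},      # normal login with SMS 2FA
        {"sms_code"},                        # password reset by text message
    ],
    "platform_admin": [
        {"platform_password", "sms_code"},
        {"access:work_email", "sms_code"},   # reset link by email + SMS code
    ],
    "platform_admin_hardened": [
        {"platform_password", "totp_app"},   # authenticator app, not SMS
        {"platform_password", "hardware_key"},
    ],
}


def reachable_accounts(accounts, attacker_holds):
    """Return the set of accounts that open for someone holding these factors.

    Fixed-point iteration: opening an account grants 'access:<name>', which
    may in turn satisfy a recovery path of another account.
    """
    held = set(attacker_holds)
    opened = set()
    changed = True
    while changed:
        changed = False
        for name, paths in accounts.items():
            if name in opened:
                continue
            if any(path <= held for path in paths):
                opened.add(name)
                held.add(f"access:{name}")
                changed = True
    return opened


def sim_swap_exposure(accounts):
    """Accounts that fall to control of the phone number alone."""
    return sorted(reachable_accounts(accounts, {"sms_code"}))


if __name__ == "__main__":
    for name in sim_swap_exposure(ACCOUNTS):
        print("exposed to SIM swap:", name)
```

Removing the SMS-only reset path from the email account, or moving the second factor to an authenticator app or hardware key, breaks the chain and empties the exposure list.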
Secondary services, the Achilles heel of blockchain
In 2018, Michael Terpin, a crypto investor, was the victim of a SIM swap attack during which approximately 24 million dollars were stolen from his accounts. For this reason he filed a lawsuit against the telecommunications company AT&T, alleging that the company was aware of the problem, since he had suffered a similar hack in 2017.
However, AT&T did not consider the prevalence of the attack on Terpin. Therefore, the actions of its employees helped to trigger the theft, allowing cybercriminals to gain control of his phone number, and therefore, access his private accounts.
Meanwhile, in 2019, Gregg Bennett sued cryptocurrency exchange Bittrex, alleging that through a SIM swap attack, the exchange allowed $1 million to be withdrawn from his account.
Importance of privacy within blockchain networks
In 2017, Pavel Lerner, a trader at the Bitcoin exchange Exmo, was kidnapped in Ukraine and forced to pay a huge sum in cryptocurrency for his ransom and release.
The group of criminals responsible for Lerner's kidnapping had noticed the activities he was carrying out with the Bitcoin cryptocurrency, so they decided to carry out the kidnapping and, two days later, collect the million-dollar ransom.
A similar situation occurred earlier this year in Thailand, when a cryptocurrency consultant from Singapore was also kidnapped and forced to pay a large sum of cryptocurrency as a ransom.
In light of these cases of extortion and kidnapping, many experts and members of the crypto community have placed special emphasis on the importance of financial privacy within blockchain networks, in order to maintain and guarantee the protection of users' sensitive information. This prevents cybercriminals from using that data to carry out illicit activities that endanger the lives of victims.