BlockFi data breach exposes retail customers’ personal data

Digital currency lending company BlockFi has become the latest victim of a data breach, and although the attacker wasn’t able to steal funds, they managed to obtain BlockFi’s retail customers’ personal data.

In an incident report, BlockFi recounted how the hacker gained access to its data by conducting a SIM swap attack on a BlockFi employee. A SIM swap is when an attacker tricks a phone service provider into porting a telephone number to a device containing a different SIM, allowing the attacker to access and use applications and platforms tied to the cellphone number that they SIM swapped.

According to BlockFi, the attack lasted for roughly 1.5 hours. Once the attacker gained access to the database, they were able to obtain “information that BlockFi typically uses for retail marketing purposes,” such as the user’s name as listed on the account, email address, date of birth, physical address as listed on the account, and account activity history. BlockFi says the attacker also tried to withdraw funds, however, the attacker was unsuccessful in doing so.

Retail users were affected

Half of BlockFi’s retail clientele was affected by the breach, but none of their institutional clients was affected, according to the company. 

“Over the next few weeks, you may experience an increased quantity of security checks in the withdrawal process from our platform due to extra precautions, said BlockFi in their report. Throughout the pandemic, we have seen an increase in hacking and phishing attempts aimed both at companies and individuals.”

As we have recently reported, FinCEN has found a strong correlation between coronavirus and digital currency-related scams. Unfortunately for BlockFi, the data breach came at a time when BlockFi was experiencing significant growth, with over 7,000 new users signing up for their platform the week of the BTC halving. In addition, BlockFi was projected to pass the $50 million in revenue generated mark within the next 12 months. It will be interesting to see how this breach affects their revenue streams and new-user base.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.