BlockFi Confirms Security Breach, Provides Tips To Protect Online Presence From Malicious Actors

BlockFi, a New Jersey-based cryptocurrency lending platform, confirmed over the weekend the leak of user data at one of its third-party vendors, Hubspot. The breach also affected Swan Bitcoin and Pantera Capital.

The rapidly growing cryptocurrency industry has attracted the attention of malicious actors, and reports on a crypto platform getting breached or hacked surface online are increasing in frequency.

The latest victim of these malicious actors is the Customer Relationship Management (CRM) system Hubspot. Based on BlockFi's announcement, hackers gained illegal access to the lending platform's data, which includes personal information like names, phone numbers and emails of the company's customers. Swan Bitcoin and Pantera Capital also issued messages also warned their clients that their information may have been accessed.

It is worth noting that not all the data of BlockFi's clients were stolen, but the majority of them could have been accessed by the recent breach. According to the cryptocurrency lending platform, the breach occurred Friday.

The platform also clarified through a series of tweets that none of the clients' funds and internal systems were affected. BlockFi also acknowledged that time is of the essence and assured its customers that it is conducting an ongoing investigation to get the full scope of the breach's impact.

It assured its customers that although the specifics of the incident are not yet clear, extremely sensitive data like government-issued IDs, passwords and social security numbers "were never stored on Hubspot."

The platform clarified that it wanted to be transparent with its clients by announcing the breach. It also warned customers that data accessed by the hackers could be used against them.

BlockFi also recommended several tips to help users protect their online presence, particularly from bad actors. These include creating strong passwords, allowing only trusted applications, observing vigilance against scammers and using two-factor authentication (2FA).

The platform said, "additional information will be emailed to all impacted clients in the coming days."

Hubspot said in a statement: "On March 18, a bad actor compromised a HubSpot employee account. While our investigation is still underway and we continue to learn additional details, our initial assessment suggests that data was exported from fewer than 30 HubSpot portals, all of whom have been notified. At this time, we believe this to be a targeted incident focused on customers in the cryptocurrency industry. We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts. "

A similar incident happened to Crypto.com, one of the largest cryptocurrency exchanges, in January. According to the platform, the breach affected 400 accounts. Fortunately, it was able to immediately stop unauthorized withdrawals and lifted those restrictions within four hours.