Just-In: Crypto Lender BlockFi Says Client Data Leaked In Security Breach

Crypto lending platform BlockFi said on Saturday that an unauthorized third party had gained access to some of its customer data. Personal information including names, emails and phone numbers for a “majority” of its clients could have been accessed.

BlockFi said the breach had occurred on Friday through one of its third-party vendors, Hubspot- a sales management platform. The firm clarified in a series of tweets that its internal systems, and more importantly, client funds, were not impacted.

The lender also said that there was an ongoing investigation to understand the full scope of the data breach’s impact.

In the spirit of transparency, we wanted to make our clients aware of this incident before bad actors could use this information to their detriment. We felt time was of the essence, and we are expediently working through our investigation.

-BlockFi on twitter

BlockFi also instructed customers to take no action on their end.

The breach comes as another blow to the New Jersey-based company, which was fined $100 million last month after a Securities and Exchange Commission (SEC) investigation found its high-yield products breached an investment act.  The firm was instructed to stop opening new high-yield accounts for Americans, and to register its products as securities- a first for crypto lenders.

In addition to the usual suite of wallet and trading services, BlockFi offers crypto loans, as well as high-interest accounts for crypto deposits, although the latter has been a main point of contention for the SEC.

Crypto hacks an ongoing issue

Given its reliance on the digital world, crypto has been susceptible to hacks and breaches since its inception. A 2018 hack had seen more than $500 million in crypto stolen from Japanese exchange Coincheck, the largest amount stolen so far.

More recently, Singaporean exchange Kucoin saw more than $250 million stolen by hackers in 2020, while Crypto.com lost $34 million of customer funds to outside forces this January.

Outside of exchanges, a planned airdrop by the Ukrainian government, to crypto donors, was targeted in a phishing attempt earlier this month. Gnosis-based DeFi platforms Agave and Hundred Finance also recently saw about $11 million stolen.