Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
Consulting giant Kroll announced that a SIM-swap attack on one of its employees resulted in the theft of user data from several major cryptocurrency platforms. The fact is that FTX, BlockFi and Genesis used the services of Kroll in connection with their bankruptcy cases in order to return part of the funds to users.
On August 19, 2023, hackers reportedly attacked a T-Mobile account and "hijacked" a Kroll employee's phone number using SIM spoofing, eventually using it to gain access to some bankruptcy filing files, including BlockFi, FTX, and Genesis.
As FTX and BlockFi now write on X (formerly Twitter), the Kroll incident involving unauthorized third-party access to the company's systems resulted in the leakage of "some non-sensitive customer data of specific applicants."
While it's unclear exactly what data is being referred to, both companies note that customer passwords and funds were not affected because the FTX and BlockFi systems were not directly compromised. It is also reported that Kroll has already dealt with the incident and will directly notify all affected individuals.
Representatives of Genesis did not make official statements about what happened, but CoinDesk cites a notification for affected applicants, which says that during the attack, the attackers bypassed the multi-factor authentication of a Kroll employee and gained access to the company's cloud systems. As a result, full names, physical addresses, e-mail addresses and details of specific applications fell into the hands of hackers.
Affected users are already reporting on social media that they have started receiving phishing emails. In most of these messages, the attackers impersonate FTX and claim that the recipient of the letter can allegedly start withdrawing their digital assets from the accounts of the bankrupt exchange. In this way, scammers try to find out the seed phrases of the victims.
On August 19, 2023, hackers reportedly attacked a T-Mobile account and "hijacked" a Kroll employee's phone number using SIM spoofing, eventually using it to gain access to some bankruptcy filing files, including BlockFi, FTX, and Genesis.
As FTX and BlockFi now write on X (formerly Twitter), the Kroll incident involving unauthorized third-party access to the company's systems resulted in the leakage of "some non-sensitive customer data of specific applicants."
While it's unclear exactly what data is being referred to, both companies note that customer passwords and funds were not affected because the FTX and BlockFi systems were not directly compromised. It is also reported that Kroll has already dealt with the incident and will directly notify all affected individuals.
Representatives of Genesis did not make official statements about what happened, but CoinDesk cites a notification for affected applicants, which says that during the attack, the attackers bypassed the multi-factor authentication of a Kroll employee and gained access to the company's cloud systems. As a result, full names, physical addresses, e-mail addresses and details of specific applications fell into the hands of hackers.
Affected users are already reporting on social media that they have started receiving phishing emails. In most of these messages, the attackers impersonate FTX and claim that the recipient of the letter can allegedly start withdrawing their digital assets from the accounts of the bankrupt exchange. In this way, scammers try to find out the seed phrases of the victims.
