BlockFi Says Hacker SIM-Swapped Employee's Phone, No Funds Were Lost

The hacker compromised an employee's phone and gained access to users' personal information, including their names and addresses, but BlockFi says no funds were affected.

AccessTimeIconMay 19, 2020 at 2:11 p.m. UTC
Updated Sep 14, 2021 at 8:43 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

BlockFi said an attacker got hold of users' data by compromising an employee's phone and taking control of the person's phone number through a SIM swap attack.

The New York-based crypto lending platform announced in a memo to users on Tuesday that a hacker – whose identity remains unknown – gained access to some of its retail marketing systems for just over an hour early on May 14.

"On May 14, there was a data incident at BlockFi that exposed certain client account information for a brief period of time. While no information was accessed that would enable the intruder to access your account or your funds, we believe it is in the interest of transparency to share the following details with you, and all of our other clients who were potentially affected," reads the memo, which was shared with CoinDesk.

BlockFi said the hacker accessed confidential data, such as names, dates of birth, postal addresses and activity histories. Other sensitive account information including bank account details, social security and tax identification numbers, passport and driver's license numbers and photo scans, were not affected in the data breach, the company said.

User funds were also not affected.

In an incident report, also published Tuesday, BlockFi said the hacker had accessed through an employee's phone. By tricking the mobile phone operator into activating the employee's phone number on another device, the hacker was able to access some parts of the company's internal systems.

"A BlockFi employee’s phone number was breached and utilized by an unauthorized third party to access a portion of BlockFi’s encrypted back-office system," the incident report reads. "The unauthorized third party was able to access BlockFi client information typically used by BlockFi for retail marketing purposes throughout the duration of this incident."

The report adds the hacker tried, unsuccessfully, to make withdrawals of user funds, before BlockFi was finally able to remove them from the internal system.

In a statement, a BlockFi spokesperson said: "A sole intruder gained minimal access for a short period of time to select internal marketing systems. The BlockFi team immediately mitigated the impact of the breach through a number of standing policies and safeguards in place to protect client assets and data."

"The issue has since been resolved and BlockFi’s products and services are fully operational and secure," the spokesperson added.

The spokesperson did not specify which mobile network the employee used.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.