Crypto lending firm BlockFi confirmed on Tuesday that they had been victims of a “SIM-swapping” attack. The good news is all of the customer funds are said to be secure but their names and addresses were compromised along with their account histories.
According to darkreading.com a SIM swap attack is when a fraudster gets information by getting a mobile phone carrier to transfer a user’s phone number to a fraudster’s SIM card, the bad guys can access a variety of riches linked to a victim’s mobile phone.
They can compromise multifactor authentication (MFA) methods that use SMS as a second factor by tapping into those SMS authorizations. From there, they can take over victims’ accounts, from social media accounts to financial institutions to luxury retailers. (As a result, SMS is getting scrutinized as an element in MFA.)While the point of SIM swapping often is to shame or humiliate, it has also been used to steal bitcoin.
BlockFi said an attacker got managed to get data by compromising on of its employee’s phones and taking control of the person’s phone number through a SIM-swap attack. The New York-based crypto lending platform sent a memo to users on Tuesday that an unknown hacker gained access to some of its retail marketing systems for just over an hour early on May 14. The hacker accessed confidential data such as names, dates of birth, postal addresses and activity histories but crucially was unable to withdraw user funds or access other sensitive account information including bank account details, Social Security and tax identification numbers.
Share
