FTX, Genesis, BlockFi customer data at risk in bankruptcy hack

    • Kroll warns customers of Genesis, FTX and BlockFi about potential phishing scams that could seek unauthorised access to their crypto wallets. 
    • Kroll warns customers of Genesis, FTX and BlockFi about potential phishing scams that could seek unauthorised access to their crypto wallets.  PHOTO: BLOOMBERG
    Published Sat, Aug 26, 2023 · 07:12 AM

    BUSINESS and legal services provider Kroll said it is cooperating with federal law enforcement after a hacker gained access to files that may have contained personal information for customers of bankrupt crypto platforms FTX, BlockFi, and Genesis Global.

    Kroll said Friday (Aug 25) it appears the attack occurred on or about Aug 19 and that the company is cooperating with the Federal Bureau of Investigation. Kroll took immediate action to secure the three affected accounts and “a full investigation is underway,” the company said in a statement.

    The hacker appears to have accessed files on Kroll’s cloud system that may have contained customer names, addresses, emails and other information on claims creditors have with the three crypto firms, the company said.

    An attacker used a so-called “SIM swap” attack to gain access to a Kroll employee’s T-Mobile mobile phone number, Kroll said.

    Generally, such scams involve someone taking over a target’s phone number by getting a phone service provider to transfers numbers to phones the attacker controls. Kroll and a handful of other private companies provide administrative services to companies in Chapter 11.

    Kroll said it has no evidence to suggest its other systems were impacted in the hack and warned customers of Genesis, FTX and BlockFi about potential phishing scams that could seek unauthorised access to their crypto wallets. 

    BT in your inbox

    Start and end each day with the latest news stories and analyses delivered straight to your inbox.

    FTX said in a series of posts on social-media platform X it was monitoring the situation and that the crypto platform’s own systems weren’t impacted. BlockFi and its creditor committee said it was working with the company and Kroll to understand the situation and that neither its own systems nor client funds weren’t impacted in the attack. Genesis’s creditor committee referred customers to court papers about the incident.

    Kroll sent more than 700 Genesis creditors information about the attack via email Thursday, according to court documents. 

    The attack is the latest scam targeting customers of bankrupt crypto firms. Customers of bankrupt crypto platform Voyager Digital Holdings have been hit with various scams designed to gain access to their accounts, company lawyers have told the judge overseeing the Chapter 11 case.

    Typically, the scammers set up a fake website that claims Voyager customers can increase their payout by linking their non-Voyager crypto wallets to a new account. Once the new account is created, the non-Voyager wallets are drained, Voyager lawyers said earlier this month.

    Judge Michael Kaplan, who is overseeing the BlockFi bankruptcy, said last month he was inclined to keep customer names under seal because of concerns that they could be targeted by scammers.

    Judge Kaplan said accounts he had used to learn about crypto had been flooded with spam messages and dubious offers to unlock crypto accounts frozen in bankruptcy.

    Representatives for BlockFi and T-Mobile didn’t immediately respond to requests for comment. FTX referred to its posts on X. Lawyers for Genesis did not immediately comment on the incident. BLOOMBERG

    Share with us your feedback on BT's products and services