Marcel ‘s passion for the world of cryptocurrencies and his comprehensive knowledge of blockchain technology make him an invaluable asset to our team. He stays updated on the latest trends, regulations, and emerging technologies in the crypto space, ensuring that our audience receives accurate and up-to-date information.
Latest posts by Marcel Bich (see all)
- Advanced Installer’s Crypto Twist - October 15, 2023
- Hackers Exploit Designers for Mining - October 15, 2023
- Hackers Target Binance Russia - September 26, 2023
Leading in global security consulting, Kroll revealed that one of its staff members fell victim to a SIM-swapping attack, leading to the exposure of user data from several cryptocurrency platforms associated with the company.
Breached Borders: Attack Exposes BlockFi, FTX, and Genesis Customers
Cryptocurrency lender BlockFi and the formerly insolvent trading platform FTX disclosed a data breach stemming from an attack on a Kroll employee managing the bankruptcy process for both firms.
Kroll officially stated that the attack on August 19, 2023, targeted an employee whose T-Mobile number was commandeered by attackers without authorization. As a result, the attackers obtained files containing personal information of customers from BlockFi, FTX, and Genesis.
The SIM-swapping incident involving the Kroll employee has escalated the vulnerability of BlockFi, FTX, and Genesis customers to potential phishing attempts or similar attacks. Some users have already reported receiving suspicious emails offering assistance in withdrawing digital assets from their FTX accounts.
Despite Kroll’s primary role in cyber risk management, its employees seemed unaware of the associated risks of relying on T-Mobile for wireless communication. This incident underscores the necessity of minimizing dependence on mobile carriers for security measures.
The attack on Kroll serves as a stark reminder of the imperative to decrease reliance on mobile carriers to ensure security. Although many online services mandate a phone number during registration, the ability to remove that number from your profile is a crucial step in safeguarding personal information.