Cryptocurrency lender BlockFi alerted clients Tuesday morning of a data breach, according to a memo shared with The Block.
The breach occurred on May 14, impacting less than half of the firm's retail clientele and none of the firm's institutional clients, CEO Zac Prince confirmed to The Block. The breach, which lasted for "about an hour," did not impact customer funds, said the firm.
It, however, did expose account activity information as well as customer email addresses and postal addresses. Social security numbers and images of client licenses and government-issued IDs were not exposed, the company said.
From the memo (emphasis is their own):
"On May 14th, there was a data incident at BlockFi that exposed certain client account information for a brief period of time. While no information was accessed that would enable the intruder to access your account or your funds, we believe it is in the interest of transparency to share the following details with you, and all of our other clients who were potentially affected. Your funds, passwords, and non-public identification information are secure and no BlockFi client or company funds were impacted or at risk. No action is required by you."
A BlockFi incident report stated that the data breach was due to a SIM card swap attack on a BlockFi employee's phone number. The attacker also attempted to withdraw client funds on BlockFi but "was unsuccessful in doing so," according to the report.
Data breaches are not unusual in the cryptocurrency market. In March, it was reported than more than a quarter of a million of Trident Crypto Fund's customers' usernames and passwords had been stolen. In November 2019, crypto derivatives giant BitMEX drew the ire of Twitter users for a breach that impacted the majority of its users, as The Block reported.
As for the BlockFi's breach, the firm said it "quickly terminated the intruder's access to BlockFi's internal system."
"We are constantly reviewing and improving our systems and security processes and will be accelerating efforts in a number of areas as a result of this activity," the memo said. "In addition to ongoing development of our systems, we are actively researching options for us to contribute to the cybersecurity efforts of the cryptocurrency industry more broadly."
Specifically, BlockFi will enhance the frequency of penetration testing and it has updated its system to trigger an even swifter lockdown should something similar happen in the future, Prince told The Block.
The breach comes at a time of rapid growth at the firm. The company brought on more clients in the week of the halving than any other week in its history, adding more than 7,000 new funded accounts, a source with knowledge of the matter told The Block.
The firm is on pace to clock in $50 million in revenue generation for the next 12 months and is currently growing at ~25% month-over-month, the source added.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.