Successful cyber attacks on online crypto platforms have been on the rise this year, revealing the vulnerability of the systems that are meant to safeguard its users funds and data. Last month, hackers cleaned out almost 99% of the funds on decentralized finance (DeFi) network dForce. A month later, lending firm BlockFi made an announcement on May 14 informing their users of a security breach where a hacker managed to gain access to its marketing systems.
While no funds were lost, the hacker managed to access user profile particulars such as name, date of birth, emails, transaction histories and addresses. BlockFi reassured its users that identification documents and bank account details are safe. According to BlockFi’s report, the hacker attempted to siphon funds out of accounts using the personal data they stole, but failed as BlockFi was able to lock the hacker out of its systems before any significant damage could be done.
“A BlockFi employee’s phone number was breached and utilized by an unauthorized third party to access a portion of BlockFi’s encrypted back office system. This type of breach is commonly referred to as a SIM port. The unauthorized third party was able to do this by obtaining unauthorized access to the employee’s phone and email via a cell phone network vulnerability,” the report reads.
BlockFi’s community has expressed disappointment at the lack of prompt and detailed disclosure regarding the data breach as the announcement came four days after the hacking attempt. Despite BlockFi’s reassurances that user funds and accounts are safe, even a restricted data leak can prove to have severe repercussions for users affected in the long run. Moreover, that the hacker was able to access BlockFi’s systems with a simple SIM swap also raises doubts over the strength of BlockFi’s security measures. The company has not come forth to address the issue directly.
You may also want to read: Vitalik Buterin: The Future of Ethereum in the Current Political Climate and Risk in DeFi