Cryptocurrency firms, including FTX, BlockFi, and Genesis, have contacted victims of data breaches caused by a sim-swapping attack on Kroll, a provider of services and digital products related to valuation, governance, risk, and transparency.
KEY FINDINGS
- SIM-swapping attack on Kroll led to data breach of 3 major crypto firms.
- Customers of FTX, BlockFi, and Genesis warned of potential phishing attacks.
- Kroll investigates SIM-swapping attack, emphasizes data security commitment.
Three major cryptocurrency companies, FTX, BlockFi, and Genesis, grapple with the aftermath of a sophisticated data breach that occurred following a SIM-swapping attack on the renowned risk and financial advisory firm Kroll.
On 19th August 2023, Kroll was informed that a threat actor had exploited a T-Mobile account owned by one of its employees through a meticulously executed SIM-swapping attack.
In this type of attack, unauthorized individuals manipulate mobile carriers into transferring a victim’s phone number to a new SIM card under their control. In this case, the attacker successfully accessed sensitive information stored on Kroll’s systems, specifically files containing personal data related to bankruptcy claimants in cases involving FTX, BlockFi, and Genesis.
The impact of this breach has been significant. Both FTX and BlockFi were quick to notify their customers of the breach. FTX revealed that the compromised information included customer names, addresses, email addresses, and account balances, reassuring users that account passwords and digital assets remained unaffected. BlockFi echoed the sentiment, cautioning its users about a potential increase in phishing attempts and spam phone calls due to the breach.
Kroll promptly took steps to secure the compromised accounts and initiated an investigation into the incident in collaboration with the FBI. While the affected companies have emphasized that the security of their systems and digital assets remains intact, there are concerns that the stolen data could be leveraged in phishing attacks.
Users of these platforms have reported receiving phishing emails enticing them to withdraw funds from their accounts, indicating that fraudsters are already attempting to exploit the situation.
SIM-swapping attacks, although not new, remain a potent tool in the arsenal of cybercriminals. By gaining control of a victim’s phone number, attackers can effectively bypass multi-factor authentication and take control of various accounts tied to that number.
As more businesses and individuals rely on mobile phone numbers for authentication and account recovery, the risks associated with SIM-swapping attacks grow.
Cybersecurity experts suggest a few key steps to minimize vulnerability: regularly review and update account recovery methods to include security keys or mobile authentication apps; reduce reliance on SMS-based authentication; and explore alternatives to providing phone numbers for account registration.
In a statement, Kroll, a provider of services and digital products related to valuation, governance, risk, and transparency, reiterated its commitment to data security and information protection, expressing regret for any inconvenience caused and emphasizing its dedication to safeguarding clients, partners, and the broader community.
