$0 USD

MARCH 2022

UNITED STATES

BLOCKFI

DESCRIPTION OF EVENTS

"BlockFi is a crypto management platform that lets you leverage your cryptocurrency and put it to fair use." "This platform has been around since 2017, and while it’s independently owned, several financial giants like SoFi and Fidelity back it." "At BlockFi, you can earn up to 8.6% interest per year on your cryptocurrency holdings, borrow cash, buy and sell crypto, and access other bank-like services. It’s like an all-in-one crypto bank." "Today, a growing number of users are using BlockFi as a bank for their cryptocurrency. Just like you use Bank of America or a Credit Union for your fiat currency, you can use BlockFi for your cryptocurrency."

 

"BlockFi [recently] introduced trading at no fees for Bitcoin, Ethereum and the stablecoin GUSD. The startup has been known to allow users access to returns on their cryptocurrency holdings by offering loans to borrowers against users’ cryptocurrency holdings and then passing across the returns in terms of interest on the loans while securing the crypto assets that were used as security for the loans."

 

"As part of Hubspot being used for CRM and marketing processes, BlockFi stored data that included name, email, and phone number for a majority of our clients."

 

"As Cointelegraph reported, hackers gained entry to BlockFi’s shopper data that was hosted on Hubspot, a client relationship administration platform."

 

According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.”

 

"On Mar. 19, New Jersey-based crypto financial institution BlockFi proactively confirmed an info breach to warn merchants in regards to the alternative of phishing assaults."

 

"While specifics on the breached data are however to be acknowledged and revealed, BlockFi reassured prospects by highlighting that personal data — along with passwords, government-issued IDs and social security numbers — “have been certainly not saved on Hubspot.”"

 

"On Friday, March 18, 2022, BlockFi learned of a data incident at one of our third-party vendors, Hubspot, a client relationship management platform. Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform." "HubSpot provides a customer relationship management (CRM) platform for marketing, sales and content management services."

 

"To be clear, BlockFi's internal systems and client funds are safeguarded and were not impacted. We can also confirm that BlockFi account passwords, government-issued ID numbers and social security numers were never stored on Hubspot. The incident occurred at Hubspot and we are notifying you directly so that you can take actions to further protect yourself. No action is needed on your BlockFi account at this time."

 

"The protection and safekeeping of our systems and clients' assets are of the utmost importance." "We are working with Hubspot as the continue their investigation to understand the full scope of impact." "We will continue to keep you updated as this process evolves."

 

"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday."

 

"A full list of the affected clients has not been published, but [HubSpot] said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”."

BlockFi is a platform that lets users deposit their cryptocurrency and earn a high rate of return, as the platform lends the funds out to other users. The company used HubSpot to help manage its customer relationships. HubSpot suffered a data breach, and the names, email addresses, and phone numbers of customers were leaked. An announcement was made, and the HubSpot employee who enabled the breach has been fired. Customers must stay alert to future phishing scams which may target them.

HOW COULD THIS HAVE BEEN PREVENTED?

Privacy-conscious customers can easily set up a separate email address for each service, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites, and confirm anything with the company directly if it promises a significant reward or threatens access to your funds.

 

Platforms should put in place multi-signature access control on all customer data, which requires the approval of multiple people to enable the download of data.
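
A sketch of such an approval gate, added here as an illustration and not code from BlockFi or HubSpot: a bulk export is released only when a quorum of distinct approvers, none of them the requester, has signed that exact request. The names, keys, quorum size and dataset label are assumptions, and HMAC stands in for the per-person digital signatures a production system would use.

```python
import hashlib
import hmac
import json

# Constructed sample keys; in practice each approver's key stays with that person
# (hardware token, KMS), never in the export service itself.
APPROVER_KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
QUORUM = 2  # distinct approvers required, not counting the requester


def export_request(requester, dataset, max_rows):
    """Canonical bytes that every approval is bound to."""
    return json.dumps([requester, dataset, max_rows]).encode()


def approve(approver, requester, dataset, max_rows):
    """What an approver's client produces after reviewing the request."""
    msg = export_request(requester, dataset, max_rows)
    tag = hmac.new(APPROVER_KEYS[approver], msg, hashlib.sha256).hexdigest()
    return approver, tag


def export_allowed(requester, dataset, max_rows, approvals):
    """True only if QUORUM distinct approvers signed this exact request."""
    msg = export_request(requester, dataset, max_rows)
    valid = set()
    for approver, tag in approvals:
        key = APPROVER_KEYS.get(approver)
        if key is None or approver == requester:
            continue  # unknown approver, or requester approving their own export
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(approver)  # a set, so repeated approvals count once
    return len(valid) >= QUORUM
```

Because each approval covers the requester, dataset and row limit together, an approval granted for a small export cannot be reused to release a larger one.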

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.