Crypto lender BlockFi has been attacked by hackers, who gained access to parts of BlockFi’s back office by means of a SIM swap. Their attempt to steal crypto funds, however, failed.
The US company BlockFi, which specializes in crypto loans, manages more than 600 million US dollars in various cryptocurrencies. Many investors also entrust BlockFi with their Bitcoin (BTC) and other cryptocurrencies such as Ethereum (ETH) in order to earn attractive interest rates. The news that BlockFi has become a target of cyber criminals is therefore startling. According to BlockFi, attackers took over an employee’s mobile phone number via a SIM swap. This gave the hackers access to BlockFi’s back office for more than an hour. BlockFi gives the all-clear, however: no sensitive customer data such as credit card information was stolen, and attempts to transfer funds from BlockFi to other accounts failed.
Background to the attack on BlockFi
BlockFi had to admit that customer data used for marketing was read out when the internal system was infiltrated, specifically name, e-mail address, date of birth, home address and activity log. This information alone is normally not enough to carry out monetary actions, since passwords or other identification methods are also required.
According to BlockFi, the attack was detected quickly and a second attempt was blocked. As immediate measures, employees’ access rights to the internal systems were restricted and their mobile phones received a security update. In addition, further general security checks were carried out and the time needed to lock down the system in the event of an attack was reduced.
BlockFi’s report reads as transparent. But the question of why BlockFi did not go public with it until five days after the incident on May 14 remains unanswered. BlockFi also makes no mention of the attack on its social media channels. As a result, the security recommendations BlockFi is now giving its customers may not reach everyone.
What customers of BlockFi should do now
BlockFi advises customers to secure their accounts with two-factor authentication (2FA) and not to use SMS or a second email address as the method. Instead, 2FA should be handled with an authenticator app or push messages. Without 2FA, you run the risk of losing control of your account through nothing more than the “Forgot your password” link on BlockFi: attackers who get an email account under their control can quickly succeed.
As a second security measure, BlockFi recommends activating whitelisting. With it, wallet addresses are only enabled for withdrawals after 72 hours, which gives customers more time to react to suspicious actions and prevent their funds from being withdrawn.
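The 72-hour hold described above can be sketched as follows. This is an added example, not BlockFi's code: the class, the function names and the placeholder addresses are hypothetical, and it assumes the hold starts when an address is added to the list.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

HOLD = timedelta(hours=72)  # activation delay stated in the article

@dataclass
class WithdrawalAllowlist:
    """Hypothetical per-account allowlist with a hold on new addresses."""
    added_at: dict = field(default_factory=dict)  # address -> time added

    def add(self, address: str, now: datetime) -> datetime:
        """Register an address; return the time it becomes usable.
        Re-adding a listed address keeps its original timestamp."""
        return self.added_at.setdefault(address.strip(), now) + HOLD

    def remove(self, address: str) -> None:
        """Owner response to an alert: drop an address before it activates."""
        self.added_at.pop(address.strip(), None)

    def check(self, address: str, now: datetime) -> tuple:
        """Return (allowed, reason) for a withdrawal to `address` at `now`."""
        added = self.added_at.get(address.strip())
        if added is None:
            return False, "address not on allowlist"
        remaining = added + HOLD - now
        if remaining > timedelta(0):
            return False, f"address on hold for another {remaining}"
        return True, "ok"

def takeover_timeline() -> list:
    """Constructed scenario: account takeover followed by owner reaction."""
    t0 = datetime(2020, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed time
    owner, intruder = "ADDR-OWNER-EXAMPLE", "ADDR-INTRUDER-EXAMPLE"
    wl = WithdrawalAllowlist()
    wl.add(owner, t0 - timedelta(days=30))      # set up long before the incident
    wl.add(intruder, t0)                        # added from the hijacked session
    results = [
        wl.check(owner, t0)[0],                           # established address
        wl.check(intruder, t0 + timedelta(hours=1))[0],   # still on hold
        wl.check(intruder, t0 + timedelta(hours=71))[0],  # still on hold
    ]
    wl.remove(intruder)                         # owner reacts inside the window
    results.append(wl.check(intruder, t0 + timedelta(hours=73))[0])
    return results

if __name__ == "__main__":
    print(takeover_timeline())
```

The hold only helps if adding an address triggers a notification the account owner actually sees; otherwise the address simply becomes usable once the 72 hours have passed.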
Conclusion: BlockFi is not invulnerable
It is in the nature of decentrally organized cryptocurrencies that they are an attractive target for cyber criminals. If hackers succeed here, the transfers cannot be reversed. BlockFi got off lightly. The crux of the matter: all experts recommend that holdings of Bitcoin and other coins be kept safely on hardware wallets. But with loan transactions such as those at BlockFi this is not possible, because the coins actually have to be transferred to the service provider. Here you have to rely on the trustworthiness of the provider. BlockFi points out that it has constant security checks carried out by independent experts and that 95 percent of customer funds are held in cold wallets, where they are in principle not vulnerable online.