Bankruptcy claims agent Kroll, which was hired by FTX, has fallen victim to a cybersecurity incident that has compromised the personal information of certain FTX customers. FTX, a popular cryptocurrency exchange, confirmed the breach on social media platform X in a post on August 25. The company clarified that the breach only impacted non-sensitive customer data related to claimants involved in FTX’s bankruptcy case. However, no additional information was provided regarding the affected claimants. FTX assured its community that Kroll was directly contacting the impacted claimants to provide guidance on protecting themselves. While stating that Kroll promptly contained and resolved the incident, FTX emphasized that it was closely monitoring the situation.
FTX urged its users to remain vigilant and watch out for potential scam or fraudulent emails that might impersonate parties involved in the bankruptcy proceedings. These emails could be an attempt to exploit the situation for malicious purposes. It is crucial for FTX customers to be cautious and verify the authenticity of any communications they receive regarding the incident.
While the public posts from FTX mentioned a security incident, an email sent to FTX claimants shed light on how the hackers gained access. According to the email, the hackers took control of a Kroll employee’s phone number, using it as a stepping stone to access files stored in the company’s cloud. Unfortunately, the email did not specify when Kroll became aware of the incident; however, it made clear that immediate action was taken to secure the compromised account and initiate investigations. As a result of the breach, the names, addresses, email addresses, and FTX account balances of the affected claimants were exposed.
The cybersecurity incident didn’t solely impact FTX customers. Another bankrupt cryptocurrency firm, BlockFi, revealed that the breach had also affected its clients. BlockFi shared that Kroll confirmed the unauthorized access to some of its clients’ data on the claims administration platform. Thankfully, the incident did not compromise BlockFi’s internal systems or client funds. BlockFi emphasized that the passwords for its user accounts were never stored on Kroll’s platform. Acknowledging the seriousness of the situation, BlockFi took the proactive step of notifying its users directly to ensure that they could take appropriate measures to protect themselves.
Protecting Against Third-Party Bad Actors
Both FTX and BlockFi provided guidance to their customers on protecting themselves against potential threats arising from the cybersecurity incident. Users were advised to exercise caution when responding to emails, especially those requesting personal or financial information. It is essential to verify the legitimacy of any communication received and to refrain from clicking on suspicious links or attachments. Additionally, FTX and BlockFi encouraged their customers to enable multi-factor authentication, regularly change their passwords, and monitor their accounts for any suspicious activity.
The cybersecurity incident affecting Kroll, FTX, and BlockFi highlights the ongoing need for individuals and companies to remain vigilant in the face of ever-evolving cyber threats. It serves as a reminder of the importance of implementing robust security measures and adopting best practices to protect sensitive information. By staying informed and taking appropriate precautions, users can safeguard themselves against potential risks in the digital realm.