SIM Swapping Attack Targets Bankrupt BlockFi, FTX And Genesis

Customer data belonging to three bankrupt crypto firms has been exposed after a SIM swapping attack. The three affected firms include digital asset lenders Block Fi and Genesis and bankrupt crypto exchange FTX.

SIM Swapping exploit exposes BlockFi, FTX, and Genesis customer data

The SIM swapping attack was confirmed by Kroll, a vendor overseeing creditor claims for the insolvent companies. The vendor said the hacking campaign targeted the T-Mobile US account for one of its employees. T-Mobile is a mobile network operator.

SIM Swapping attacks are quite popular in phone fraud cases. In these types of attacks, a hacker tricks a mobile service provider into redirecting the phone number of the targeted victim to a SIM card they control. The attack gives the hacker access to incoming text messages and calls belonging to the victim.

Kroll further said that because of this hacking campaign, the attacker secured access to some files with personal information of the people with claims in the bankruptcy filings for BlockFi, FTX, and Genesis. The vendor also said that it took immediate action to secure the affected accounts.

Kroll further noted that it had emailed the affected users about this hacking campaign. The vendor, which has built its reputation as a risk and financial advisory company, has said it was working with the US Federal Bureau of Investigations (FBI) to investigate this hacking campaign and determine the extent of the breach.

Kroll has also said there was zero evidence showing that the hacking attack affected other Kroll systems and accounts. As such, the hacking campaign might be limited to the systems of the three bankrupt organizations.

FTX and BlockFi confirm attack

FTX and BlockFi have confirmed the SIM swapping attack. However, FTX said that the information stolen in the attack was not sensitive as it did not entail customer data of claimants in its bankruptcy case.

FTX also said that Kroll did not maintain account passwords on the platform. Furthermore, it stressed that its systems were unaffected and monitored the situation. The exchange has urged customers to be on high alert for any cases of attempted fraud and scam emails.

BlockFi also admitted to the attack on Twitter but said its internal systems and client funds were unaffected. The social media firm said BlockFi account passwords were not stored on Kroll.

The digital lender also warned about increased phishing attacks and spam phone calls in the coming weeks. BlockFi is among the crypto lenders that became insolvent after the crypto winter witnessed last year. Before its collapse, BlockFi was in the process of securing a deal from Alameda Research. However, the deal fell through after Alameda Research filed for bankruptcy.

The three businesses filed for bankruptcy protection to restructure their operations. However, the FTX bankruptcy estate plans to restart the exchange in the coming months, allowing users to claim their funds.