
Bankrupt crypto platforms FTX and BlockFi warn customers of data breach

Cryptocurrency giants FTX and BlockFi warned customers on Thursday evening that a data breach affecting one of their vendors leaked sensitive information.

The companies were among the most popular cryptocurrency trading platforms before they filed for bankruptcy in November. FTX had been slated to purchase BlockFi before it went under.

As with many crypto platforms that went bankrupt last year, thousands of FTX and BlockFi users had money in accounts on the services when the companies went bankrupt, leaving millions of dollars' worth of crypto in limbo as the companies went through the bankruptcy process.

Both FTX and BlockFi hired advisory firm Kroll to create a claims administrator platform so that they could give their users back some of the funds that had been lost during their respective collapses.

Kroll informed both companies on Wednesday, however, that there was a “data incident.”

“FTX learned that Kroll, the claims agent in the bankruptcy, experienced a cybersecurity incident that compromised non-sensitive customer data of certain claimants in the pending bankruptcy case,” FTX said.

“The incident occurred at Kroll, and Kroll is notifying affected individuals directly with measures that customers can take to protect themselves. FTX account passwords were not maintained by Kroll, and FTX’s own systems were not affected.”

FTX added that Kroll has assured them that they “promptly contained and remediated the incident.” But they warned that users need to be on high alert for scam emails and fraudulent calls.

BlockFi published a similar message, telling users that an “unauthorized third party” gained access to customer data held on Kroll platforms.

“To be clear, BlockFi's internal systems and client funds were not impacted. We can also confirm that BlockFi account passwords were never stored on Kroll's platform,” the company said on X (formerly Twitter).

“We are notifying you directly so that you can take actions to further protect yourself. No action is needed on your BlockFi account at this time.”

Neither Kroll nor the cryptocurrency platforms responded to requests for comment and inquiries about how many users were affected or what kind of information was accessed.

Like FTX, BlockFi urged users to take a number of measures to protect themselves — including better cyber hygiene, two-factor authentication and a feature called “allowlisting” which will trigger a 7-day hold on any customer fund withdrawals.

“This significantly reduces the risk of being impacted by a bad actor,” BlockFi explained, adding that they wanted to make customers aware of the incident “before bad actors could utilize this information to clients' detriment.”

“We felt time was of the essence, and we are expeditiously working through a full review of the facts. Additional information will be emailed to all affected clients as more details become available,” they said.

The statement notes that BlockFi and Kroll will never call, email or text customers asking for personal information. Users should always go to the BlockFi website instead of clicking on any links, the company said.

Customers “should expect an uptick in phishing attempts and spam phone calls,” they said.

The BlockFi Official Committee of Unsecured Creditors, an organization representing former BlockFi users, also sent out a warning to members about the incident and said it is “working diligently with BlockFi and Kroll to understand the situation and the next steps to protect BlockFi customers.”

BlockFi’s statement notes that this is not the first cyberattack affecting a bankrupt cryptocurrency platform. Three weeks ago, lawyers for crypto platform Voyager said in bankruptcy court that it was also hacked.

Like BlockFi, Voyager’s ties to FTX precipitated the bankruptcy proceedings.

Voyager reopened its platform for 30 days in an effort to give customers a chance to remove a percentage of their funds. But the company’s lawyers said the platform had been hacked during the 30-day window and they are now working with law enforcement and court officers to investigate the incident.

The lawyer warned that hackers had set up multiple fake websites to fool Voyager customers into linking their crypto wallets, which were subsequently drained, according to Bloomberg.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.