Crypto Investor Data Stolen From Kroll in SIM SwapFTX, BlockFi and Genesis Claimants at Risk of Phishing
Kroll is warning claimants in three major cryptocurrency bankruptcy cases that hackers obtained their personal data after attackers convinced a mobile carrier to redirect an employee's phone number to their own device.
Kroll Restructuring Administration is the claims agent for insolvent cryptocurrency platforms FTX, BlockFi and Genesis. In a Friday advisory, it disclosed an Aug. 19 SIM swapping attack that resulted in the malicious "access to certain files containing personal information of bankruptcy claimants" in the three cases.
The company said the attacker had convinced a T-Mobile operator to redirect the phone number of a Kroll employee to a different smartphone. T-Mobile did not immediately respond to Information Security Media Group's request for comment. BlockFi tweeted that an unauthorized actor had gained access to customer data held on Kroll platforms, but it said its internal systems and client funds were not affected. "We can also confirm that BlockFi account passwords were never stored on Kroll's platform," the company added. "No action is needed on your BlockFi account at this time."
FTX published a similar message, stating that the breach "compromised non-sensitive customer data of certain claimants in the pending bankruptcy case."
Genesis did not release a statement, but a notice from the firm on Kroll's platform said the incident had not affected Genesis' systems or its digital assets.
The three companies and Kroll urged users to remain alert for attempted fraud and scam emails impersonating parties involved in the bankruptcy case. "The attacker might use this information in a further scam, for example in phishing e-mails to try to trick you into giving up control over your cryptocurrency accounts, wallets or other digital assets," the Genesis notice says.
Hackers appear to have already begun to target potential victims with phishing messages. An X platform user called Bluntz_Capital tweeted about receiving four phishing mails and a user called RiseXBT tweeted about receiving 15 phishing mails.