FTX crypto exchange reports data breach caused by their bankruptcy claims agent Kroll
The defunct crypto exchange FTX is reporting a cybersecurity breach involving its bankruptcy case claims agent, Kroll. The breach has resulted in the exposure of limited and non-sensitive customer data belonging to specific claimants.
The incident specifically occurred at Kroll, the third-party agent responsible for managing creditor claims in bankruptcy cases.
No details are available as to the nature of the data breach or the number of individuals exposed.
Update - The attack was caused by one of Kroll's employees falling victim to a SIM-swapping attack. Hackers stole the Kroll employee's phone number and used it to gain access to some files with personal data of bankruptcy claimants. The employee that was victimized had an account with T-Mobile.
That data appears to have included FTX users’:
- email addresses,
- mailing addresses,
- account numbers,
- unique bankruptcy identifiers,
- account balances,
- phone numbers,
- other claim details.
Kroll says that no user login credentials or claimant financial information are included in the data breach.
In December 2023 Kroll disclosed additional details about an August data breach that exposed personal information of FTX bankruptcy claimants. The breach revealed details such as coin holdings and balances, making it easier for threat actors to target individuals with significant cryptocurrency investments. Kroll highlighted that the incident did not compromise FTX systems or digital assets, nor did it involve FTX account passwords. However, they advised affected individuals to be cautious, especially regarding phishing attempts aiming to access their cryptocurrency accounts and digital assets. Key recommendations include safeguarding passwords and private keys, scrutinizing communications for legitimacy, and verifying information through Kroll's official channels. To enhance security, the use of cold wallets for storing crypto was suggested.
FTX communicated the breach to its customers, creditors, and the general public via Twitter.
FTX has made it clear that Kroll is actively addressing the situation and directly notifying the affected individuals. The compromised customer data pertains to specific claimants linked to the ongoing bankruptcy case.
Importantly, FTX has clarified that account passwords for their platform were not under Kroll's purview, and FTX's internal systems remain secure (which may be the best joke of the day coming from a company sued for theft of customer funds).
FTX debtors have engaged with Kroll to oversee the unfolding developments closely. Kroll has assured FTX that it has swiftly taken control of the situation and implemented remedies. However, reports have emerged that FTX clients are already receiving fraudulent emails, indicating that personal customer information might have been compromised and is being exploited by malicious actors.
This breach follows a pattern in the crypto industry, with similar incidents affecting other platforms undergoing bankruptcy proceedings, such as the lending platform BlockFi. Both FTX and BlockFi have raised concerns about the potential for phishing attempts and misuse of personal data, urging their customers to remain vigilant against fraudulent communications.