BlockFi, a cryptocurrency lending company, announced on Saturday that an unauthorized third party had obtained access to some of its user data. A “majority” of its clients’ personal information, including names, emails, and phone numbers, could have been accessed.
According to BlockFi, the breach occurred on Friday via one of its third-party providers, Hubspot, a sales management software. In a series of tweets, the firm underlined that its internal systems, and, more importantly, client monies, were unaffected.
The lender also stated that an investigation was underway to determine the full extent of the data breach’s impact.
The breach is just another setback for the New Jersey-based business, which was penalised $100 million last month after an SEC probe determined that its high-yield products violated an investment act. The company was told to halt opening new high-yield accounts for Americans and to register its goods as securities, a first for cryptocurrency lenders.
BlockFi offers crypto loans, as well as high-interest accounts for crypto deposits, in addition to the normal array of wallet and trading services, though the latter has been a source of controversy for the SEC.
Crypto, because of its reliance on the digital world, has been vulnerable to hacks and breaches from its beginnings. More than $500 million in cryptocurrency was taken from Japanese exchange Coincheck in a 2018 breach, the greatest amount stolen so far.
Recently, hackers stole more than $250 million from Singaporean exchange Kucoin in 2020, while Crypto.com lost $34 million in user cash to outside forces in January.
A planned airdrop by the Ukrainian government to crypto benefactors was targeted in a phishing attempt earlier this month, outside of exchanges. Agave and Hundred Finance, both Gnosis-based DeFi platforms, recently had approximately $11 million stolen.