As if FTX creditors don’t have enough on their plate, now they have to combat inevitable phishing attacks that will come following the recent data breach at Kroll.
Kroll, a financial firm that handles bankruptcy claims for insolvent crypto businesses FTX, BlockFi, and Genesis, confirmed that a threat actor managed to compromise an account belonging to one of its employees and use it to steal certain data on a limited number of users.
FTX and BlockFi posted a message on Twitter, saying the attack resulted in the theft of “limited, non-sensitive customer data of specific claimants.”
Apparently, the attacker managed to SIM-swap one of Kroll’s employees’ T-Mobile accounts and use it to move past the multifactor authentication (MFA) security protocol and enter the company’s systems. Once inside, they stole things like full names, postal addresses, email addresses, and debtor claim details, of an unknown number of creditors.
Multiple crypto businesses went bust in 2022, losing billions of dollars worth of cryptocurrencies of people who used their services. Some of these companies are now in the middle of their bankruptcy proceedings.
Kroll said it would notify affected individuals directly. The breach has since been contained, it was added.
While the attackers may have been pushed out, the damage has been done. Some people have already taken to social media to warn about phishing emails they received. In most cases, the attackers are impersonating FTX and telling the victims that crypto asset withdrawal has been re-enabled. The goal of the campaign, however, is to trick the victims into giving away whatever cryptocurrencies they had left elsewhere.
Finally, a spokesperson for Kroll told the publication that there is no evidence the attacker managed to move laterally to other user accounts or systems. The attack was limited to these three companies.