FTX Users Face New Threats After Kroll Data Breach
Shortly after a cybersecurity breach at Kroll, a wave of phishing attacks has been unleashed upon users of the defunct cryptocurrency exchange FTX. The breach, later discovered to be a result of a SIM swap on a Kroll employee’s phone, has created a ground for cybercriminals.
The now-bankrupt FTX exchange clarified that the data breach originated from its bankruptcy claims agent, Kroll. FTX emphasized that it did not store its account passwords on Kroll’s servers, thereby affirming the integrity of its own systems. However, FTX users have become prime targets due to the security compromise of their claims agent. As of this reporting, Kroll is actively reaching out to those affected by the security incident, offering them guidance on how to enhance their digital security protocols.
According to FTX's official communications, a series of phishing emails have been circulating among its users, following Kroll's breach. These emails lured customers with a misleading prompt about their eligibility for withdrawing digital assets from their FTX accounts, leading them to click on a fraudulent link.
According to an official update from FTX, a considerable number of users have reported receiving phishing emails following Kroll's cybersecurity breach. The breach exposed non-sensitive customer data from specific claimants tied to an ongoing bankruptcy case.
The on-chain investigator, ZachXBT, also claimed that his friend received a similar phishing email linked to their FTX account. The fraudulent emails begin by asserting the recipient's eligibility to withdraw digital assets from their FTX account, and then proceed to guide them to a link for initiating the withdrawal.
Changpeng 'CZ' Zhao, CEO of Binance cryptocurrency exchange, took to social media to alert the public of the escalating phishing threats. Zhao linked the attacks directly to the data leak at Kroll, noting that the breach was made possible by a SIM swap attack on one of Kroll’s employees.
Zhao’s warning was not limited to just FTX users. He also flagged that users of crypto bankrupt lender BlockFi and the insolvent Genesis crypto exchange should be on high alert, as they too are susceptible to these new phishing attacks.
In a SIM swapping scam, hackers trick mobile carriers into transferring the victim's phone number to a device controlled by the attackers. This then provides them unauthorized access to personal and financial data, including cryptocurrencies and passwords.
FTX's bankruptcy has already amassed a $1.5 million per day in legal fees, intensifying the financial strain on the creditors who are becoming increasingly anxious about the impact on future payouts. The situation is further complicated by the dissatisfaction among claimants who were left in the dark about possible plans to resurrect FTX.