Crypto financial services company BlockchainCom revealed on Tuesday that clients’ emails were compromised in a data breach on July 20th. Though customers’ funds weren’t affected, they may have been targeted with fraudulent emails from people posing as the exchange.
Beware of Scam Emails, Warns BlockchainCom
In an email shared with affected clients, the firm explained that BlockchainCom’s internal systems were not impacted. Rather, the initial data breach occurred against the exchange’s third-party vendor SendGrid. BlockchainCom was notified just a day later.
“If you are receiving this email that means your email address was included, and you may have received a fraudulent email impersonating Blockchain.com and/or soliciting funds,” reads the email.
Some sample titles of fraudulent emails included “Login from new IP address,” and “Blockchain ICO Presale”. The firm advises recipients to disregard such emails, alongside any email that ever solicits one’s funds. “Blockchain.com will never send you an email asking for your password or soliciting funds for illegitimate activities,” continued the company.
SendGrid is a customer communication platform that offers email marketing services. As BlockchainCom explains, it used SendGrid’s services to send emails to its customers. However, an unauthorized party was able to access the exchange’s email list after compromising a Twilio employee account. Twilio is the parent company of SendGrid.
SendGrid’s access point has been closed off since the breach. BlockchainCom says users don’t need to take any specific action at this time but are advised to reach out if they encounter more suspicious emails. “Never share your Secret Private Key Recovery Phrase,” they added.
But Scam messages are growing more sophisticated over time. Many crypto users today are falling prey to scams whereby the hacker forfeits his own private key.
Samczsun – the Head of Security at Paradigm – outlined a social media scam this month that could steal users’ crypto within just three clicks.
BlockchainCom and 3AC
Earlier this month, BlockchainCom CEO Peter Smith revealed that his firm held 270 million in exposure to Three Arrows Capital. The hedge fund was ordered to liquidate by a British Virgin Island Court late last month, from which BlockchainCom seeks to recoup its losses.
“We believe Three Arrows Capital defrauded the crypto industry and intend to hold them accountable to the fullest extent of the law,” read a company statement at the time.
Though the company remains functional, it was also forced to lay off 25% of staff last week due to the crypto winter.