Major New York cryptocurrency exchange BlockFi hacked using the SIM Swap technique, data of Bitcoin traders and users leaked.
The New York-based cryptocurrency exchange, BlockFi reported on Tuesday that it suffered a hacking attack. The hackers may have access to the physical address and contact information of BlockFi traders and customers. The hack may put some of its clients in physical danger.
BlockFi said the hackers used a SIM card swap attack to hack the smartphone of one of its employees. The hackers than successfully stole the email account and phone number used for the employee’s account verification procedure, which allowed them to access BlockFi’s records.
What is a SIM swap attack
A SIM swap aka simjacking attack takes advantage of network operators’ vulnerabilities and targets the weakness in two-factor authentication and two-step verification. The hackers get the victims’ personal details either by use of phishing emails or by buying them from dark web hacker forums. The fraud exploits a mobile phone service provider’s ability to seamlessly port a telephone number to a device containing a different subscriber identity module (SIM). Hackers use this feature by reporting a lost smartphone to the network operator and get a new SIM. They then exploit the 2FA to confirm the SIM and access the users’ email and other accounts once it is done.
According to BlockFi, the hackers first tried to withdraw customer funds directly from the exchange but their attempts were not successful. The hackers then proceeded to steal client data stored on BlockFi servers. The unknown hackers gained access to some of its retail marketing systems for just over an hour early on May 14.
According to BlockFi, the hacker accessed confidential data such as names, dates of birth, postal addresses, and activity histories but was unable to withdraw user funds or access other sensitive account information including bank account details, Social Security, and tax identification numbers.
The hacking can expose BlockFi users to extortion, stalking, and even physical danger.
In an unrelated news another big exchange, BitMEX, formerly the largest bitcoin derivatives exchange measured by open interest, went down on Tuesday, according to the exchange’s status page. The exchange managers are investigating the issue.