Cyber Incident Victim: Keybase
Date:
Dec 2019
Location:
United States of America
Summary
Keybase terminated its free Lumens cryptocurrency distribution initiative prematurely due to an overwhelming surge of spam and fraudulent account registrations, which exceeded the platform's operational capacity. The final allocation of 100 million Lumens brought the total giveaway to 300 million units (valued at approximately $16 million), with legitimate users receiving their remaining disbursements within a week. Concurrently, the service accelerated anti-spam measures by closing new registrations and announced plans to introduce a restrictive "walled garden" feature, enabling users to block unsolicited messages, team invites, and follower requests unless pre-existing connections exist.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Keybase terminated its Stellar Space Drop cryptocurrency distribution program prematurely in December 2019 due to unsustainable volumes of spam account creation targeting the initiative. On December 13, Keybase notified users that the final Lumens (XLM) disbursement would occur the following week, concluding a giveaway originally planned to distribute 300 million XLM tokens valued at approximately $16 million. The company cited an overwhelming surge in fake and spam-driven registrations that exceeded its operational capacity to manage. This influx directly correlated with the cryptocurrency promotion, compelling Keybase to cease new account registrations and accelerate the program's end date. Legitimate participants enrolled prior to the registration closure were assured receipt of their remaining XLM allocations during the final distribution window. The decision followed earlier user reports of increased spam activity within Keybase's communication platforms, which developers acknowledged as problematic but not yet critical prior to the spam tsunami.
Keybase's operational response focused on containment through access restrictions and accelerated payout timelines. Immediate measures included disabling new account creation to stem further fraudulent enrollments and compressing the remaining distribution schedule to complete all legitimate transactions within one week. Concurrently, developers announced forthcoming platform enhancements to address persistent spam challenges, including a "nuclear" chat setting scheduled for release within approximately one month. This user-configurable feature would enable strict communication controls by restricting messages, team additions, and follower interactions exclusively to pre-approved contacts or existing team members. The incident's financial impact included the full distribution of the earmarked 300 million XLM, while reputational and operational consequences centered on disrupted user onboarding and accelerated anti-abuse feature development timelines. No data breaches or system compromises beyond the spam account proliferation were disclosed in relation to the incident.