Cyber Incident Victim: BlockFi
Date: May 2020
Location: United States of America
Summary
A cryptocurrency lending platform experienced a data breach after attackers executed a SIM card swap targeting an employee, compromising verification credentials to access client records. While no financial account details or passwords were exposed, the attackers obtained customer names, email addresses, birth dates, physical addresses, and account activity information. Although direct fund withdrawal attempts failed, the stolen data creates risks of extortion and physical theft by enabling criminals to identify and target high-value clients. The company confirmed no immediate threat to customer funds but acknowledged the potential for misuse of the leaked personal details to facilitate targeted crimes against affected individuals.
Description
On May 19, 2020, cryptocurrency lending platform BlockFi disclosed a data breach resulting from a SIM card swap attack targeting one of its employees. The incident, which occurred approximately five days earlier, involved unauthorized actors compromising the employee’s phone number and email account used for verification procedures. This access enabled the attackers to infiltrate BlockFi’s client records. The attack method exploits vulnerabilities in telecommunications networks and often involves collusion with network operator personnel or external intrusion techniques. While SIM swap attacks historically targeted cryptocurrency exchange customers directly, this incident marked a deviation by focusing on an employee to gain institutional data access. BlockFi confirmed the attackers attempted but failed to withdraw customer funds during the breach.

The compromised data included clients’ full names, email addresses, dates of birth, physical addresses, and platform activity histories. BlockFi clarified that no non-public identification details—such as bank account numbers, Social Security numbers, or passwords—were exposed. The company asserted no immediate risk to customer funds or platform security due to the nature of the leaked information. However, the combination of physical addresses and activity data created potential risks of extortion or physical theft, as criminals could identify and target high-net-worth clients. BlockFi’s incident report stated no evidence suggested ongoing tampering with the accessed data post-breach. The company did not specify the number of affected clients or detail technical containment measures beyond confirming the thwarted withdrawal attempts.
