- Unauthorized access to a Kroll employee’s mobile phone led to a breach in FTX’s non-sensitive user data.
- FTX assured that its own systems were unaffected, and Kroll acted quickly to investigate.
- FTX users dont need to change their passwords since that was not maintained by Kroll.
A cybersecurity incident involving Kroll, the bankruptcy claims agent for the collapsed cryptocurrency exchange FTX, has compromised certain non-sensitive user data. The breach has raised concerns among claimants and stakeholders, prompting immediate action from both Kroll and FTX.
FTX addressed the incident in an official statement on X, stating:
The incident occurred when an unauthorized third party gained control of a mobile phone number belonging to a Kroll employee. This unauthorized access allowed the attacker to gain entry to files in the company’s cloud-based systems, which contained the personal information of some claimants. The compromised data included names, addresses, email addresses, and balances in their FTX accounts.
Upon becoming aware of the incident, Kroll acted quickly to secure the impacted account and launched an investigation. The exact timing of when the agent learned about the incident has not been disclosed. Claimants have been advised to remain alert for potential scams, as the attacker might use the information to send phishing emails, attempting to exploit the situation further.
FTX has assured claimants that account passwords were not maintained by Kroll and that its own systems were not affected by the breach. The firm has issued a warning to claimants to “remain on high alert for attempted fraud and scam emails impersonating parties in the bankruptcy.”
The incident also had repercussions for BlockFi, another bankrupt crypto firm. BlockFi revealed that it only learned of the incident on Wednesday, adding that Kroll had confirmed unauthorized access to certain BlockFi client data housed on Kroll’s platform. However, BlockFi’s internal systems and client funds were not impacted, maintaining the integrity of their operations.
The exact nature of the compromised data remains uncertain, but FTX has suggested that users do not need to change their private information at this time. In an email obtained by a FTX claimant, Kroll detailed the incident, explaining that an unauthorized individual managed to take control of a Kroll employee’s mobile phone number, subsequently accessing files in the company’s cloud-based systems.
This incident is not the first time FTX has been associated with security concerns. FTX disclosed earlier in January that a hack had led to the theft of $415 million in cryptocurrency from the exchange’s accounts. This amount constituted a significant part of the assets that the company aimed to recuperate. At the time of the theft, the value of the stolen cryptocurrency was estimated to be $477 million, as analyzed by the blockchain analytics company Elliptic.