World Consulting Security Consulting Services, Kroll, has revealed that one of its employees fell victim to a SIM-SWApping attack, resulting in a leakage of user data from various cryptocurrency platforms that the company collaborates with.
Both the cryptocurrency creditor Blockfi and the previously bankrupt FTX trading platform have reported a breach in data security due to the recent attack by a KROLL employee, who was involved in the bankruptcy proceedings of both companies.
In an official statement released by Kroll, it was mentioned that on August 19, 2023, the company’s employee was targeted in an attack that exploited his phone number on the T-Mobile network. “T-Mobile transferred our employee’s number to the attackers without any notification or authorization from Kroll,” the statement states. Consequently, the attackers gained access to files containing personal information of customers from Blockfi, FTX, and Genesis.
The SIM-SWApping attack against a Kroll employee has raised the risk for customers of Blockfi, FTX, and Genesis to potentially become victims of similar attacks or phishing attempts. Some clients have already reported receiving suspicious emails urging them to initiate the withdrawal of digital assets from their FTX accounts.
Although Kroll primarily operates in the realm of cyber risk management for organizations, the company’s investigation into this security breach reveals that its employees seemingly did not consider the risks associated with relying on T-Mobile for wireless communication.
The Kroll attack serves as a reminder of the necessity to lessen dependence on mobile operators in matters related to security. For instance, several online services require users to provide a phone number during the registration process, but this number can often be subsequently removed from the profile.