Business and legal services provider Kroll said it’s cooperating with federal law enforcement after a hacker gained access to files that may have contained personal information for customers of bankrupt crypto platforms FTX, BlockFi Inc. and Genesis Global Holdco.
Kroll said Friday it appears the attack occurred on or about August 19 and that the company is cooperating with the Federal Bureau of Investigation. Kroll took immediate action to secure the three affected accounts and “a full investigation is underway,” the company said in a statement.
The hacker appears to have accessed files on Kroll’s cloud system that may have contained customer names, addresses, emails and other information on claims creditors have with the three crypto firms, the company said.
An attacker used a so-called “SIM swap” attack to gain access to a Kroll employee’s T-Mobile mobile phone number, Kroll said. Generally, such scams involves someone taking over a target’s phone number by getting a phone service provider to transfers numbers to phones the attacker controls. Kroll and a handful of other private companies provide administrative services to companies in Chapter 11.
Kroll said it has no evidence to suggest its other systems were impacted in the hack and warned customers of Genesis, FTX and BlockFi about potential phishing scams that could seek unauthorized access to their crypto wallets.
FTX said in a series of posts on social-media platform X it was monitoring the situation and that the crypto platform’s own systems weren’t impacted. BlockFi and its creditor committee said it was working with the company and Kroll to understand the situation and that neither its own systems nor client funds weren’t impacted in the attack. Genesis’s creditor committee referred customers to court papers about the incident.
Kroll sent more than 700 Genesis creditors information about the attack via email Thursday, according to court documents.
The attack is the latest scam targeting customers of bankrupt crypto firms. Customers of bankrupt crypto platform Voyager Digital Holdings have been hit with various scams designed to gain access to their accounts, company lawyers have told the judge overseeing the Chapter 11 case. Typically, the scammers set up a fake website that claims Voyager customers can increase their payout by linking their non-Voyager crypto wallets to a new account. Once the new account is created, the non-Voyager wallets are drained, Voyager lawyers said earlier this month.
Judge Michael Kaplan, who is overseeing the BlockFi bankruptcy, said last month he was inclined to keep customer names under seal because of concerns that they could be targeted by scammers. Judge Kaplan said accounts he had used to learn about crypto had been flooded with spam messages and dubious offers to unlock crypto accounts frozen in bankruptcy.
Representatives for BlockFi and T-Mobile didn’t immediately respond to requests for comment. FTX referred to its posts on X. Lawyers for Genesis didn’t immediately comment on the incident.
--With assistance from Steven Church.