BlockFi users have been attacked by a “malicious actor” with “vulgar and racist” terms, as the first and last names for the fake accounts that resulted in about 500 emails containing offensive language being sent out automatically before BlockFi caught on to the problem and halted registrations altogether.
It has been reported that according to employees of the company, a single attacker began the registration process for more than 1,000 fake accounts on March 7, using email addresses belonging to real users.
I received an email from @BlockFi this weekend asking me to confirm my account (which I never signed up for in the first place). When I opened the email, it began with: "Hi **n-word**," except of course this most violent racial slur was spelled out fully (1/*) — Sara Sheridan (@SaraSheridan14) March 8, 2021
Philadelphia-based journalist Sara Sheridan said:
“I am the farthest thing from a crypto investor. I never even heard of BlockFi before receiving an email addressing me as a racial slur.”
However, Zac Prince, the CEO of BlockFi, initially described the attack as a “technical issue with the new account signup workflow” before unveiling the full scope of what had happened in yesterday’s Forbes article.
1/ We are temporarily pausing new signups for @BlockFi. Existing clients continue to have full access to the platform and everything other than new sign ups is operating normally. We experienced a minor — Zac Prince (@BlockFiZac) March 8, 2021
The report said that a similar attack was reported by crypto derivatives exchange FTX last month, as attackers managed to trick the feed from Blockfolio’s Signal app, a product acquired by FTX in August 2020, into displaying racist messages.
Likewise, Sam Bankman-Fried (SBF), the CEO of FTX, believes the attack was done by a competitor.
Some BlockFi customers reported not being able to access the company’s website altogether after a scheduled maintenance period which had concluded earlier in the day, on March 7, but the matter may be unrelated to the attack.
@BlockFiZac Is this getting fixed? I cannot login? Help us! pic.twitter.com/ayjBrlSP62 — adamfalah (@adamfalah19) March 9, 2021
As per the sources, visitors to the BlockFi website are currently met with a message clarifying that while registration remains closed, pre-existing BlockFi clients continue to have full access to the platform. The attack BlockFi’s problems come at a critical time for the three-year-old company as it is currently attempting to close a round of funding that will bring its valuation to approx. $3 billion.
The crypto-assets lender has attracted over $100 million in venture capital thus far, including contributions from Coinbase Ventures and Winklevoss Capital.
Thus, in May 2020, BlockFi suffered a data breach in which the full names, addresses, and dates of birth of customers were compromised.