Celsius Email System Suffers Security Breach
Clients Are Being Targeted with Phishing Attacks Claiming They’ll Be Offered $500 If They Create A New Web Wallet.
Blockchain-based marketplace platform Celsius disclosed it has suffered a security breach with one of its third-party service providers. The breach exposed the personal information of its customers, leading to phishing attacks.
According to their official statement, threat actors gained access to a “third-party email distribution system” Celsius users. The hackers have used this information to send fraudulent emails and text messages to Celsius to trick them into revealing the private keys to their funds.
Celsius founder and CEO, Alex Mashinsky stated that
On April 14, 2021, (…) an unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers.
The intent was to make the recipients believe the fraudulent email came from Celsius, that the fraudulent site was a true Celsius site, and to take ownership of recipients’ cryptocurrency assets from their personal (non-Celsius) wallet by prompting the user to provide the seed phrase to their personal wallet address.
An April 15th update says that as an aftermath of the security breach, some Celsius customers have received emails and texts directing them to a malicious website masquerading as the Celsius platform. The posts claim the link would direct them to a new Celsius web wallet, claiming to offer $500 to users who create a wallet using the link.
Image Source: Twitter
When accessed, the fraudulent link prompts users to provide the start phrase to their personal wallets, allowing hackers to drain their funds. What’s more, clients say they are receiving phishing messages to phone numbers that they never provided to Celsius.
Image Source: Twitter
The team is still investigating how the hackers gained access to the phone numbers of Celsius’ clients, considering the security breach occurred with an email management system.
If you want to help the @CelsiusNetwork community victims of the scam to give their Metamask & Ledger seed phrase we published BTC & ETH addresses in this update.
Celsius will match all contributed funds to make sure we help the ones who need most helphttps://t.co/dnEU4KZxyo— Alex Mashinsky ©️ (@Mashinsky) April 16, 2021
If you received any of the fraudulent messages, Celsius advises you to:
- Report the message as spam
- Do not click any links
- Do not provide any personal or confidential information
- Keep 2FA enforced on all your accounts
- Update your account credentials regularly
- Check if your information has been shared in any recent data leaks