Crypto Lending Service Celsius Suffers Third-Party Data Breach

 

Cryptocurrency rewards portal Celsius has suffered a data breach: the personal details of its clients were disclosed through a third-party services provider, which resulted in a phishing attack, as confirmed in the email sent out to Celsius clients.

Celsius CEO Alex Mashinsky indicated that a third-party commercialization server used by Celsius may have been hacked and that threat actors acquired access to a partial Celsius client list. The hackers used this information to send Celsius clients malicious emails and text messages designed to get them to reveal their secret keys.

"An unauthorized party managed to gain access to a backup third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers," sources noted.

The phishing campaign was intended to make clients believe that the malicious email originated from Celsius and that the malicious website was a Celsius website, and to take possession of the recipients' own (non-Celsius) wallet assets by encouraging them to provide their private wallet address. After accessing the customer list, the actors behind the attack impersonated Celsius Network in phishing texts and emails promoting a new Celsius Web Wallet. To encourage people to visit the website, the fake Celsius text said that anyone who built a wallet and entered a certain promotion code would be offered $500 in the CEL cryptocurrency. After clicking on the link, clients were asked by the celsiuswallet[.]network website, which is now closed, to build a Celsius Web Wallet. Furthermore, Celsius users complained that they received phishing messages on phone numbers they had never given to Celsius.


The issue came to light on 14th April 2021, when Celsius clients started reporting a fake website claiming to be the official Celsius portal. According to the source, the company also reported that some Celsius customers were receiving SMS messages and emails that claimed to come from Celsius officials, referred to this website, and encouraged recipients to enter confidential details. Meanwhile, the team also examined how the hackers obtained Celsius customer telephone numbers when the breach occurred in an email management system.

Nevertheless, in response to the recent incidents, some Celsius employees put forward the encouraging idea of setting up a compensation fund to help people who might have lost cryptocurrency assets.