6.8% of Nansen’s Third-party Vendor Impacted By Cyber Attack – What Happened?
On-chain insights platform Nansen has revealed that a third-party vendor’s system has been compromised. As a result, about 6.8% of the customers’ data have been affected.
🚨 Important update from us at Nansen. Please take a moment to read this. pic.twitter.com/syKE0sNnC6
— Nansen 🧭 (@nansen_ai) September 22, 2023
Providing more details, the blockchain analytics platform stated that the event occurred on September 20, but it declined to mention the vendor impacted by the security breach.
In a brief description, Nansen revealed that the affected vendor was an established company that secured customer data for Fortune companies.
The security breach led to the customer’s data being compromised. According to the blockchain software firm, the cyber attack granted the intruders administrative rights to an account used to “provision customer access” to its platform.
Given this, their email addresses, the users’ password hashes, and their blockchain wallet addresses were exposed on the internet. The affected customers have been duly informed of the security incident and instructed to change their passwords.
Despite not naming the impacted party publicly, Nansen has instructed the vendor to release a public statement momentarily.
Payment Info Also Leaked?
Nansen is a prominent blockchain analytics platform that provides on-chain insights on key blockchain protocols in the fast-growing crypto landscape.
In 2021, Nansen raised $12 million from investors such as Andreessen Horowitz (a16z) and Coinbase Ventures. The blockchain analytics startup’s services are highly sought after by cryptocurrency investors and blockchain-focused funds, including Pantera Capital and Defiance Capital.
The platform recently launched its newer version called Nansen 2, which is currently in beta mode.
While it did not state if the security breach impacted customers’ payment details, some X users have reported compromised payment details.
An X (formerly known as Twitter) user with the designation Nick Bax.eth (@bax1337) stated that his PrivacyHQ credit card, which he only used for a single payment on the Nansen platform, was impacted.
He shared a screenshot of the email forwarded from the analytics platform regarding his compromised payment information.
@nansen_ai just sent out a data breach notification.
— Nick Bax.eth (@bax1337) September 22, 2023
My @PrivacyHQ credit card, *only* used for a single nansen payment, got used back in July.
Always use disposable e-mails (@simplelogin) and credit cards to register for everything, especially crypto-related stuff. pic.twitter.com/GXymTdy0no
Meanwhile, other internet users have called out the platform for poor security measures in safeguarding customers’ data.
Nansen hacked.
— Mikko Ohtamaa (@moo9000) September 22, 2023
A classical "we used a shitty service provider, sorry" story. https://t.co/iUavO0DgyH
Another group of users mentioned that Nansen’s customers’ payment details may have leaked despite the blockchain service intentionally omitting that detail.
#ALERT 🚨 @nansen_ai has been breached, reports show third party vendor may have access to confidential card information used to pay for Nansen services.
— FastFoodRembrandt.onion (@solminingpunk) September 22, 2023
REMOVE AND DISPUTE ALL CHARGES. #CyberSecurity #infosec #crypto #web3 https://t.co/osnfdas57E
Cyberattacks in crypto have become more rampant as the years have rolled by. With increasing liquidity entering the nascent industry, investors have lost billions of dollars to cybercriminals taking advantage of weak security protocols.
Since the beginning of the year, crypto criminals have stolen over $380 million, according to a CipherTrace report.
