Attacked Blockfolio To Spend Up To USD 10M on Fixing Damage
Popular crypto portfolio tracker and trading app Blockfolio claims they are nearly back to business as usual and are offering up to USD 10 million in credits following this morning's scandalous attack. (Updated at 13:10 UTC: with additional comment by FTX CEO.)
FTX CEO Sam Bankman-Fried said that an unnamed competing exchange is behind this attack.
Blockfolio, which was acquired by crypto derivatives exchange FTX last year, has issued a couple of statements this morning (UTC time), profusely apologizing for the "offensive messages" posted on the tracker. Though there is no confirmation that it was in fact a hack as many commenters presume, Blockfolio has announced that, following the incident that had occurred this morning,
"the tracking parts of the app are coming back online momentarily [and] all Blockfolio users with trading enabled have been credited with [USD] 10 free, as will anyone else who signs up this week (max 1m people)."
The hack has left many in the Cryptoverse baffled after users started reporting receiving numerous push notifications, stating that all services would be closed to "all black people," using the derogatory N-word as well, "with immediate loss of all funds."
Super wild. pic.twitter.com/sKijJWY5ma — Christopher Perceptions (@CMPGFB) February 9, 2021
And while it initially appeared that it was Blockfolio's notification system that was breached, users quickly noticed other changes being made to the tracker, such as altering the coins' names and logos to offensive words and images.
Per Blockfolio's tweets:
- the only infected portion was the displayed information;
- no funds were affected;
- there was no interaction with any trading features;
- the access to the compromised Signal submitter has been revoked;
- and the messages have been removed.
Sam Bankman-Fried tweeted that "the affected portion was around display and news/Signal," that no member of the Blockfolio team wanted this to occur, but that they are all responsible, and that he'd be leading a security review over the next month "of the old, non-trading-related parts of Blockfolio to bring them in line with the standards set by trading, and by FTX more generally."
4) We're giving $10 to every trading in Blockfolio user, and the next ones who sign up this week. — SBF (@SBF_Alameda) February 9, 2021
If any user was personally impacted by push notifications from the app, they will of course be included as well.
But it seems that all these messages haven't reassured quite a few people. Some report that they still can't trade and argue that trading has therefore been affected, while others are more worried about potential exploitation of users' data. Some are even mentioning the hardware wallet manufacturer Ledger's major user data breach in this context, saying "hope this doesn't end a la Ledger."
That said, there are also those who see this as just "a ddos spam attack for God's sake" that shouldn't be blown out of proportion.