What Can Crypto Crisis Managers Learn From BlockFi's Silence & tBTC's Openness?
A crisis will inevitably happen for any company - but how it reacts to it and communicates it to the public can make or break it. Let's take a look at how two different teams in the Cryptoverse communicated their recent incidents and what advice communication professionals offered.
BlockFi: head-in-the-sand (almost)
On May 19 it was reported that crypto lender BlockFi suffered a data breach, saying in an incident report that the attacker attempted to make unauthorized withdrawals of client funds on May 14, but only managed to access clients' personal information. They added that they believe there's no immediate risk to BlockFi clients or company funds, that the clients may experience more security checks in the withdrawal process, urged their clients to turn two-factor authentication and Whitelisting, and went on to describe their response, stating that they'll continue "to provide clear and transparent communication."
On May 20, BlockFi's PR person told Cryptonews.com that "all affected clients were informed about the breach yesterday when it became public on Tuesday morning at 8:30 AM EST directly via email." If this is true, for five days, affected customers were not aware that the hacker accessed their personal information such as name, email, date of birth, physical address and activity history. The company has not responded to other questions sent by Cryptonews.com.
The major crypto lender has faced criticism for their lack of communication regarding this event, not announcing it immediately, and on all of their available channels for easy access and distribution.
When it comes to their website, the company published a post on "How to Keep Yourself Safe from Cyberattacks" on May 18. At the time of writing, we could not find any information on this incident on their Twitter account, Medium, nor CEO Zac Prince's Twitter account.
Promoters and supporters of the company were criticized as well.
BlockFi is backed by investors including Mike Novogratz’s Galaxy Digital Ventures and Anthony Pompliano’s Morgan Creek Digital. On their popular Twitter profiles, Novogratz and Pompliano have not mentioned the incident.
Thesis & tBTC case: multiple updates on multiple channels
On May 18, a bridge between Bitcoin (BTC) and Ethereum (ETH) was sunk by its creators, so to say. Created by venture production studio Thesis, this project is meant to allow BTC owners to access decentralized financial applications that run on Ethereum, turning their coins into the tBTC token. Yet, just two days after it was launched on the mainnet, Thesis founder Matt Luongo announced that the project was halted.
Though the discussion on the project's merits continue - joined by Ethereum co-founder Vitalik Buterin - and the project itself has faced criticism, the teams' response to the crisis did not. Luongo, whose Twitter account seems to be the primary point of communication for this project, said at the time that the issue was discovered early, red lever pulled to stop further problems, deposits halted for ten days, and that users were being helped to drain funds. (Luongo hadn't replied to our request for comment sent on May 18.)
On May 20, Luongo announced that the team published an incident analysis (on Keep's Medium channel though (Keep is a privacy layer for public blockchains by Thesis)). It explains that there was an issue with Bitcoin script supporting certain BTC addressees, leading to a problem in "the redemption flow of deposit contracts that put signer bonds for open deposits at risk of liquidation." They went on to provide a detailed explanation, technical description, bug fix, incident timeline, steps taken and steps to be taken.
On May 22, Thesis published an update, saying that the funds were returned safely, that they're moving to a release candidate strategy and outlining steps that will lead to the re-launch of tBTC.
Handling crisis comms situations
"In a crisis communication situation like this, regular, up-to-date and constant communication with customers is vital," Samantha Yap founder and CEO of PR firm with a focus on fintech, blockchain and cryptocurrency startups YAP Global, told Cryptonews.com on how crisis situation should generally be handled. She said:
- A data breach is a serious issue regardless of whether funds have been compromised or not; affected customers should be notified directly and immediately.
- The company should acknowledge the situation and its severity when it happens, demonstrating that they are taking the matter seriously.
- While there may be security reasons to wait several days to reveal a data breach to the public, the company should still explain why there is a delay and how they're dealing with the breach, or they risk the trust to be compromised, and customers will begin to question the safety of their data and funds.
- The company should reassure their customers and community that they are doing everything they can to fix the problem, which will help to build back a bit more trust that has been undermined.
"When these crises do occur (and they do regularly), it is always easy to look back and think what might have happened if the communication actions taken were different," commented Angus Campbell, Director at Nominis, a specialist corporate and financial communications agency. "By taking no action or being late to act, such events always lead to more questions about appropriateness and generally lead to a bad outcome, than if a company was to move quickly to communicate to outside stakeholders."
Lack of proper reaction will negatively affect an organization's reputation, said Campbell, "and people will start to ask if they aren't good enough to deal with the fallout of a crisis, then are they good enough to have my business?"
"This is why crisis preparedness is so important. Every firm should have a crisis communications action plan in place and the golden rule above all is to communicate at the first available moment. This means you are being proactive in your actions and response and acting in all your stakeholders' best interests, which can greatly help in the aftermath," he stressed.
In either case, it seems that not all crypto companies are learning from the mistakes of others. Last year, major crypto company Coinbase was also criticized for their actions and lack of communication during the Neutrino crisis that lead to a campaign on social media with the hashtag #DeleteCoinbase.