[BreachExchange] Crypto Lending Service, Celsius Suffers Third Party Data Breach

Destry Winant destry at riskbasedsecurity.com
Tue Apr 20 10:26:17 EDT 2021


https://www.ehackingnews.com/2021/04/crypto-lending-service-celsius-suffers.html

Cryptocurrency rewards portal, Celsius has witnessed a data breach,
with the personal details of its clients disclosed by a third-party
services provider that resulted in a phishing attack, as confirmed in
the email sent out to the Celsius clients.

Celsius CEO Alex Mashinsky indicated that perhaps the third-party
commercialization server of Celsius has been hacked and threat actors
acquired access to a partial Celsius client list. The hackers used
this knowledge to send Celsius clients malicious e-mails and text
messages to reveal their secret keys.

"An unauthorized party managed to gain access to a backup third-party
email distribution system which had connections to a partial customer
email list. Once inside the system, this unauthorized party sent a
fraudulent email announcement, of which we know some of the recipients
to be Celsius customers," sources noted.

The breach was intended to make clients believe that the malicious
email originated from Celsius, also that the malicious website was a
Celsius Website, and that they had their own (non-Celsius) wallet
possession of the recipients' assets by encouraging the client to
provide their private wallet address. The actors behind the attack
caught up with Celsius Networks in phishing texts and emails promoting
a new Celsius Web Wallet after accessing the customer list. To
encourage people to visit the website, the Celsius text says, when
they build a wallet and enter a certain promotion code, they will
offer $500 for the CEL cryptocurrency. After clicking on the mentioned
link, clients were asked to build a Celsius Web Wallet by the
celsiuswallet[.]network website, which is now closed. Furthermore,
Celsius users complained that phishing messages are received on phone
numbers they have never sent to Celsius.


The issue came to light on 14th April 2021 when clients from Celsius
started reporting about a fake website claiming to be the Celsius
official portal. The company has also notified some Celsius customers
receiving SMS and emails claiming to be Celsius officials, referring
to this website and encouraging recipients to enter confidential
details according to their source. Meanwhile, the team also examined
how hackers accessed Celsius customer telephone numbers because of the
breach in an email management system.

Nevertheless, some of the Celsius employees had the encouraging
concept in response to recent incidents of setting up a compensation
fund to help people who might have lost cryptocurrency assets.


More information about the BreachExchange mailing list