BlockFi users targeted in ‘racist and vulgar’ email attack
According to company employees, a single attacker initiated the process of registering more than 1,000 fake accounts on March 7, using email addresses belonging to real users.
The attacker entered “vulgar and racist” terms as the first and last name for the fake accounts, which resulted in around 500 emails containing offensive language being automatically sent before BlockFi detected the issue and does not completely interrupt registrations.
I received an email from @BlockFi this weekend by asking me to confirm my account (which I never signed up for in the first place). When I opened the email it started with: “Hi ** n-word **”, except of course that the most violent racial slurs was fully spelled out (1 / *)
– Sara Sheridan (@ SaraSheridan14) March 8, 2021
“I am the furthest thing from a crypto investor”, tweeted Philadelphia-based reporter Sara Sheridan in all caps on March 8. “I never even heard of BlockFi until I got an email addressed to me as a racial insult.”
Zac Prince, CEO of BlockFi, initially described the attack as a “technical issue with the new account enrollment workflow” before exposing the full significance of what happened in today’s Forbes article.
1 / We are temporarily suspending new registrations for @BlockFi. Existing customers continue to have full access to the platform and anything other than new registrations is functioning normally. We lived a minor
– Zac Prince (@BlockFiZac) March 8, 2021
A similar attack was reported by the FTX crypto derivatives exchange last month. The attackers managed to trick the flow of Blockfolio’s Signal app, a product acquired by FTX in August 2020, by displaying racist messages. FTX CEO Sam Bankman-Fried believes the attack was carried out by a competitor.
– adamfalah (@ adamfalah19) March 9, 2021
BlockFi visitors website are currently receiving a message that even though registration remains closed, pre-existing BlockFi customers continue to have full access to the platform.
The Attack BlockFi’s troubles come at a critical time for the three-year-old company as it is currently trying to close a funding round that will take its valuation to approx. $ 3 billion. The crypto asset lender has so far attracted more than $ 100 million in venture capital, including contributions from Coinbase Ventures and Winklevoss Capital.
As of May 2020, BlockFi suffered a data breach in which the full names, addresses and dates of birth of customers have been compromised.