This week’s temporary closure of registrations for the leading cryptocurrency lending and borrowing application BlockFi was led by an attack by a “malicious actor” consistent with Forbes.
In line with the employees of the firm, one attacker began the registration process for more than 1k fake accounts on 7th Mar., using email addresses belonging to real users.
The attacker entered “vulgar and racist” terms as the first and last names for the fake accounts that resulted in about 500 emails containing offensive language being sent out automatically before BlockFi caught on to the matter and halted registrations altogether.
“I am the farthest thing from a cryptocurrency investor,” tweeted Philadelphia-based journalist Sara Sheridan altogether caps on 8th Mar. “I never even heard of BlockFi before receiving an email addressing me as a racial slur.”
The CEO of BlockFi, Zac Prince, primarily described the attack as a “technical issue with the new account signup workflow” before unveiling the complete scope of what had happened in today’s Forbes article.
A similar attack was reported by cryptocurrency derivatives exchange FTX last month. Attackers managed to trick the feed from Blockfolio’s Signal app, a product acquired by FTX launched earlier in Aug. last year, into displaying racist messages. FTX CEO Sam Bankman-Fried believes the attack was done by a competitor.
Some BlockFi users reported not having the ability to access the firm’s website altogether following a care period that had concluded earlier within the day, on 7th Mar., but the matter could also be unrelated to the attack.
Visitors to the BlockFi website are presently met with a message clarifying that while registration remains closed, pre-existing BlockFi clients still have full access to the platform.
The attack BlockFi’s problems come at a critical time for the 3-year past company as it is presently attempting to shut a round of funding that will bring its valuation to approx. $3 Bln. The cryptocurrencies lender has attracted over $100 Mln in capital investments so far, along with contributions from Coinbase Ventures and Winklevoss Capital.
Earlier in May last year, BlockFi suffered a cybersecurity breach within which the names, addresses, and dates of birth of users were compromised.