Hackers stole customer data of the Celsius Network lending platform

Cryptocurrency platform Celsius Network discovered a leak of personal data of its customers through one of the third-party service providers. Some clients of the platform received phishing emails.

According to a letter sent to the media by Celsius, the hackers gained access to a “third-party email distribution system” that Celsius uses. The attackers used this information to send fraudulent emails and messages to Celsius customers to trick them into revealing the private keys to their cryptoassets.

“On April 14, 2021, Celsius customers began reporting a fraudulent website claiming to be the official Celsius platform. We also learned that some Celsius customers received SMS and e-mails claiming that this was an official Celsius message with a link to a fraudulent site where users were prompted to enter confidential information, ”the letter said.

According to the company, the hackers managed to gain access to a backup third-party email distribution system that was connected to a partial list of customers’ email addresses. Once inside the system, the scammers sent messages to some of Celsius’s clients.

Screenshot of one of the phishing messages sent to Celsius customers.

The Celsius team is investigating the incident to figure out how the hackers gained access to customers’ phone numbers, given that the hack occurred in an email management system. Notably, Celsius customers report receiving phishing messages on phone numbers they never provided to Celsius.

Rival Celsius BlockFi suffered a similar data breach last spring. In July 2020, Ledger reported a breach in its marketing database, leading to the release of a million emails and some customer personal documents. The compromised database was later put up for sale online, and people began to complain about fraudulent emails.