Coindesk Logo

Celsius Suffers Third-Party Data Breach, Customers Report Phishing Texts, Emails

Celsius Suffers Third-Party Data Breach, Customers Report Phishing Texts, Emails

Celsius Suffers Third-Party Data Breach, Customers Report Phishing Texts, Emails

The crypto lender's data leak comes almost a year to the date after a similar data leak hit BlockFi.

The crypto lender's data leak comes almost a year to the date after a similar data leak hit BlockFi.

The crypto lender's data leak comes almost a year to the date after a similar data leak hit BlockFi.

AccessTimeIconApr 15, 2021, 4:31 PM
Updated Aug 19, 2021, 8:48 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Crypto lending service Celsius has discovered a data breach with one of its third-party service providers has exposed the personal information of its customers, an email sent to Celsius customers and shared with CoinDesk confirms.

Hackers gained access to a “third-party email distribution system” Celsius uses, according to the email. The hackers have used this information to send fraudulent emails and text messages to Celsius to trick them into revealing the private keys to their funds.

“On April 14, 2021, Celsius customers began reporting a fraudulent website claiming to be an official Celsius platform. We also became aware of some Celsius customers receiving SMS and email messages, that claimed to be official Celsius communication, linking to that website, and prompting recipients to enter sensitive information,” the email reads.

“An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers.”

A copy of one of the phishing text messages sent to Celsius clients.

The team is still investigating how the hackers gained access to the phone numbers of Celsius' clients, considering the breach occurred with an email management system.

Notably, Celsius clients report receiving phishing messages to phone numbers that they never provided to Celsius.

"The phishing scam’s goal was to get access to recipients’ external wallets, not Celsius wallets, by leveraging the trust that our community has in us. We know that customers who had not registered an email or phone number with Celsius also received fraudulent messages to these contact details, thus we believe the data was collected from external data sources," CEO Alex Mashinsky said in a statement.

Last spring, Celsius competitor BlockFi suffered a similar data breach, though by way of a hacker gaining access to an employee's company accounts through a sim swap. Hardware wallet producer Ledger has also suffered leaks of its customer data. Such leaks can put users' funds (not to mention their physical safety) at risk.

This is a developing story and will be updated.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.