FTX victims get even more bad news as claims agent discloses data breach

The company handling bankruptcy claims for FTX investors has suffered a data breach that included personal information about its clients.

Things have somehow gotten even worse for investors in defunct crypto exchange FTX, as the firm in charge of handling claims has suffered a data breach.

Kroll, the agency in charge of processing FTX debt claims in its ongoing bankruptcy, said that its systems were accessed by outside attackers following a SIM-swapping attack on an employee.

"Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor's phone at their request," Kroll said in disclosing the incident.

"As a result, it appears the threat actor gained access to certain files containing personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis."

While Kroll described the attack as "highly sophisticated," SIM-swapping is a relatively straightforward technique that relies far more on social engineering than on any technical prowess.

In a SIM-swapping attack, the criminal convinces the target's mobile carrier that the target's phone was lost or stolen and asks that their SIM card status (including their mobile phone number) be transferred to a new device controlled by the attacker. From there, the attacker can reset passwords or get token access to other accounts.

In this case, it appears the attacker was able to either obtain or reset the Kroll employee's credentials and access the information of a number of the company's cases, including the FTX bankruptcy.

Kroll said it has contacted the FBI and is fully cooperating with law enforcement, while FTX said that the exposed data was "non-sensitive," though both parties have warned users to be on the lookout for follow-up scams.

"Kroll has assured the FTX Debtors that it promptly contained and remediated the incident, and the FTX Debtors are closely monitoring the situation," FTX said.

"Please remain on high alert for attempted fraud and scam emails impersonating parties in the bankruptcy."

Meanwhile, things are not going much better for the people who helped orchestrate the FTX bankruptcy fiasco.

Earlier this month, FTX co-founder Sam Bankman-Fried had his bail revoked and was sent to a New York jail after it was found that he had leaked to the press a series of messages with Caroline Ellison, Bankman-Fried's former partner and a key witness in his criminal fraud case. He is set for trial in October.