High-profile cryptocurrency lending startup BlockFi faced a malicious attack on its platform earlier this week.
On Sunday afternoon, the company’s employees identified a malicious actor spamming the platform’s sign-up page with fake accounts, using offensive language. The accounts were registered with over 1,000 emails, roughly half of which were identified as valid emails belonging to real users. The attacker put offensive terms in the fields for first and last names on the account registration page, flooding the system with hundreds of unfinished registrations, says BlockFi’s CEO and co-founder Zac Prince.
“I think this spam attack [was] designed to try and create negative sentiment around BlockFi by trying to get emails sent with vulgar language in them,” says Prince. He estimates 500 such emails were actually sent before the problem was caught.
MORE FOR YOU
Earlier in the morning, Prince tweeted BlockFi was temporarily pausing new signups due “to a minor technical issue with the new account signup workflow” and gave assurance the technical team is addressing the problem. “Deposits / Withdrawals / Trading etc continues to operate completely normally for existing clients,” wrote Prince.
While the incident could raise red flags, given BlockFi suffered a temporary data breach that exposed some client data last May, Prince notes “the hackers have never been successful in penetrating internal company’s systems” and that the latest attempt could be described as “just shooting lasers at the onion”, in comparison to what had happened in May.
News of the attack came amid BlockFi reportedly being in the process of closing a Series D round of capital at a valuation close to $3 billion. Potentially a new crypto unicorn, the company is growing at an unprecedented speed, even for the saturated digital assets space. Its $50 million Series C round valued the company at $435 million just six months ago.
The three-year-old firm is one of the leading cryptocurrency lending providers with products ranging from crypto-backed loans to interest-earning accounts. BlockFi has raised more than $100 million within the last three years from numerous crypto-native and institutional investors, including Susquehanna Government Products, Coinbase Ventures, and Winklevoss Capital.
Competitors include London-based Celsius and blockchain-based Aave, which directly connects lenders and borrowers, without a middleman in between. BlockFi’s revenue in February was just short of $50 million, compared to the full-year revenue of approximately $100 million in 2020.
Following the May attack, BlockFi hired a new chief security officer, Adam Healy, who had held a similar position at Bakkt, cryptocurrency venture of New York Stock Exchange-owner ICE. According to Prince, Healy has expanded the cybersecurity team to over 15 people and is looking to add more.
Last month, cryptocurrency portfolio tracker Blockfolio, recently acquired for $150 million by Hong Kong-based crypto exchange FTX, has suffered a similar attack, when messages containing racial slurs were sent to the users of the platform.