Celsius Network, a lending platform for crypto assets, has stated that their email server had been breached. Because of the breach, customers in the platform were receiving phishing links via SMS and email.
Celsius Network has released an announcement in which it revealed how some of its customers received links on their emails and SMS. Customers who follow the links would be directed to another pseudo website that mimicked that of Celsius. The links accompanied a message, which offers $500 to users who follow the link and create a wallet.
Causes of the breach
In a statement released by the firm, customers on Celsius made reports on a false website impersonating Celsius. Celsius customers were receiving SMS and emails that replicated an official communication from Celsius. The messages had a link that would prompt users to provide sensitive data that the hackers would use maliciously.
The breach resulted after a hacker accessed a backup third-party email server that had contact details of customers. By accessing this server, hackers had the chance to conduct a phishing attack. Users who followed the link sent to them would give these hackers access to their personal wallets, whose funds would be drained.
The magnitude of the impact on customers
Celsius maintains that it acted with haste to reduce the phishing attack’s impact on its users. However, a report of Reddit states that reports show that at least $300,000 worth of crypto had been stolen from the Celsius platform. One of the Reddit forum users claimed that he had lost Ether worth $50000 because of the breach.
The founder and the CEO of Reddit, Alex Mashinksy, assured customers on the Celsius Network that the platform was secure and that its systems had not been affected. He added that this firm’s security team has used back-end systems to secure customer funds and sensitive data. He affirmed that this team had acted quickly to reduce the impact of the breach.
The CEO also assured their customers that a full investigation was being conducted on the matter. The investigation would help establish how the unauthorized hacker had gained access to the third-party email server. He added that some of the customers who had received messages had not registered their contact information on Celsius, and hence external sources had been used.
Celsius native token, CEL, has been listed on the OKEx exchange a day before. The token has gained almost 1% even after the incident.