Crypto Lender Celsius Hit With Data Breach, Some Client Info Exposed

The crypto lending platform Celsius was hit with a data breach yesterday, according to official statements.

The company said attackers gained access to a “back-up third-party email distribution system” with a partial list of customer emails. The fraudsters then impersonated official company communications, asking users to provide their seed phrase—the private list of words that works like a key to users’ crypto wallets.

Customers say they’ve also received SMS messages with phishing links.

In a blog post, Celsius CEO Alex Mashinsky wrote that the company is “conducting a full internal investigation to see if there was anything at all that could have been done to prevent this.”

The note also stressed that “all funds are safe,” and that the hackers have not breached any of the company’s internal systems.

But that isn’t to say money hasn’t been stolen from Celsius customers—even if the funds on Celsius’ platform haven’t gone anywhere, fraudulent links sent through email or SMS can allow hackers access to users’ crypto wallets.

The Celsius hack is reminiscent of last year’s data breach at Ledger, a crypto wallet provider, where attackers gained access to one million customer emails. Users have since sued over alleged efforts to “cover up” the breach.

Celsius did not immediately respond to a request for comment.