Fractal ID, a decentralized identity startup and know-your-customer (KYC) verification provider, has released a postmortem analysis of a data breach it suffered on July 14. The company said the compromised data may have included “names, email addresses or phone numbers, wallet addresses, physical addresses, images and photos of uploaded documents” for approximately 6,300 users, or 0.5% of the users in the Fractal ID database.
Headquartered in Berlin, Fractal ID provides compliance support for at least eight crypto protocols, including Polygon, Ripple, and Near, and has over 250 companies as its clients.
The threat actor accessed the system through a compromised employee account. Because that employee had administrator-level access, the attacker was able to “override” internal data-privacy controls; automated systems then alerted engineers, and the attacker was blocked 29 minutes after the attack began, the company said.
The company said that the party claiming responsibility for the attack demanded a ransom; the company declined and instead reported the incident to Berlin’s cybercrime law enforcement unit. According to the postmortem, the company has also notified affected users. It outlined several measures it plans to take against future attacks, including restricting the number of accounts with access to sensitive data and blocking login requests from unknown IP addresses.
The initial compromise dates back to 2022.
According to researchers at cybercrime intelligence firm Hudson Rock, the employee’s machine was originally compromised in September 2022. The machine was infected with the Raccoon ‘infostealer,’ a commonly available malware-as-a-service that was first discovered in April 2019.
“The computer was infected in 2022, but the victim did not appear to have changed his password, allowing the hacker to infiltrate the account and begin the hack,” the researchers wrote.
“The operator did not follow our opsec policies and training. We have technical measures in place to ensure that no operator can bypass this in the future. This was not the result of a software vulnerability,” Fractal ID said in its post-mortem.
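The controls named in the postmortem (an IP allowlist and tighter restriction of privileged accounts) and the Hudson Rock finding (a password left unchanged since the 2022 infection) can be combined into a single login-policy check. The Python below is an added example written for this page, not Fractal ID’s code or a description of its systems; the account records, login events, network ranges and the exact infection date are constructed, and the `infostealer_seen` field assumes a threat-intel feed the article does not describe.

```python
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Account:
    user: str
    privileged: bool                     # can reach sensitive (KYC) data
    password_changed: date               # last credential rotation
    allowed_networks: List[str] = field(default_factory=list)
    # Date the account's endpoint appeared in an infostealer log, if any.
    # Assumed to come from a threat-intel feed; values here are constructed.
    infostealer_seen: Optional[date] = None


def evaluate_login(account: Account, source_ip: str, mfa_passed: bool) -> Tuple[str, List[str]]:
    """Return ("allow" | "deny", reasons) for one login attempt."""
    reasons: List[str] = []
    ip = ip_address(source_ip)

    if account.privileged:
        # Control 1: privileged accounts may only log in from known networks.
        if not any(ip in ip_network(net) for net in account.allowed_networks):
            reasons.append("privileged login from IP outside allowlist")
        # Control 2: privileged access additionally requires MFA.
        if not mfa_passed:
            reasons.append("privileged login without MFA")

    # Control 3: a password set on or before the infostealer infection date is
    # already in the attacker's hands; an allowlisted IP does not make it safe.
    if account.infostealer_seen is not None and account.password_changed <= account.infostealer_seen:
        reasons.append("password not rotated since infostealer infection")

    return ("deny" if reasons else "allow", reasons)


# Constructed account records. The article gives only "September 2022" for the
# infection; the day (15th) is assumed for illustration.
ACCOUNTS = {
    "ops-admin": Account("ops-admin", True, date(2022, 6, 1), ["203.0.113.0/24"],
                         infostealer_seen=date(2022, 9, 15)),
    "sec-admin": Account("sec-admin", True, date(2023, 3, 1), ["203.0.113.0/24"]),
    "analyst":   Account("analyst", False, date(2023, 1, 10)),
}

# Constructed login events: (user, source IP, MFA passed).
EVENTS = [
    ("ops-admin", "203.0.113.7", True),    # known IP + MFA, but stale credential
    ("sec-admin", "203.0.113.7", True),    # clean privileged login
    ("sec-admin", "198.51.100.9", True),   # privileged login from unknown IP
    ("sec-admin", "203.0.113.7", False),   # privileged login without MFA
    ("analyst",   "198.51.100.9", False),  # unprivileged: no extra controls apply
]


def run_sample() -> List[Tuple[str, str, str, List[str]]]:
    """Evaluate every constructed event; returns (user, ip, decision, reasons)."""
    results = []
    for user, ip, mfa in EVENTS:
        decision, reasons = evaluate_login(ACCOUNTS[user], ip, mfa)
        results.append((user, ip, decision, reasons))
    return results


if __name__ == "__main__":
    for user, ip, decision, reasons in run_sample():
        print(f"{user:10s} {ip:14s} {decision:5s} {'; '.join(reasons)}")
```

The first event is the instructive one: the login comes from an allowlisted network with MFA, yet it is still denied because the credential predates the infostealer sighting. An IP allowlist on its own would not have caught a stale password that the attacker already held.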
The US Department of Justice indicted 26-year-old Ukrainian national Mark Sokolovsky in 2022 for conspiring to run Raccoon Infostealer, which was reportedly rented out to hackers for $200 a month in cryptocurrency. The FBI was able to identify “more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) from stolen data from millions of potential victims worldwide,” though the agency acknowledged that number is likely an undercount.
After failing to fake his own death following Russia’s invasion of Ukraine, Sokolovsky was extradited to the United States in February. The U.S. government also created a website where users can check if their credentials have been compromised.
Disclaimer: The Block is an independent media outlet providing news, research and data. As of November 2023, Foresight Ventures is the largest investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information on the cryptocurrency industry.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be legal, tax, investment, financial or other advice.