Security News > 2021 > April > Celsius email system breach leads to phishing attack on customers

Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack.

Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.

"An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers."

"The intent was to make the recipients believe the fraudulent email came from Celsius, that the fraudulent site was a true Celsius site, and to take ownership of recipients' cryptocurrency assets from their personal wallet by prompting the user to provide the seed phrase to their personal wallet address," disclosed a Celsius advisory.

After gaining access to the customer list, the threat actors impersonated Celsius Networks in phishing texts and emails that promoted a new Celsius Web Wallet.

As an incentive to get people to visit the site, the text states Celsius is offering $500 in the CEL cryptocurrency if they create a wallet and enter a special promo code.

News URL

https://www.bleepingcomputer.com/news/security/celsius-email-system-breach-leads-to-phishing-attack-on-customers/