Pantera Capital HubSpot Data Breach and Pantera Coin Fraud
Pantera Capital is an investment company in the United States offering investors a variety of investment products with exposure to bitcoin and other cryptocurrencies. They were reportedly among the companies affected by the HubSpot data breach. Pantera's incident happened prior to February 17th, 2021, more than a year before most other firms suffered a similar HubSpot breach. Fraudsters used the information to contact customers and launch the Pantera Coin ICO, which raised 6.22646861 ETH (~$18k USD), with deposits continuing for days after the email. For a brief period, the fraudsters even appear to have been answering some company email to indicate the ICO was real, presumably via access gained through HubSpot.
Pantera issued a tweet at the time to notify customers, and subsequently issued a further email a month later when other large firms appear to have fallen victim to similar breaches. It seems unlikely that any funds will be recovered for users who sent funds to the ICO and received nothing back.
About Pantera Capital
"Since 2013, Pantera has invested in digital assets and blockchain companies, providing investors with the full spectrum of exposure to the space." "Pantera launched the first cryptocurrency fund in the U.S. when bitcoin was at $65 /BTC in 2013. The firm subsequently launched the first blockchain-focused venture fund. Pantera co-CIO Joey Krug co-founded Augur, one of the first decentralized applications built on Ethereum. In 2017, Pantera was the first to offer an early-stage token fund."
About HubSpot
"Most individuals don’t understand the power of a CRM. At minimum, these tools allow companies to acquire, sort and manage incoming customers (and their data) in a way that provides the best user experience. At maximum, these tools are capable of an extreme degree of web monitoring and AI-based user segmentation and prediction."
"Multiple Web3 and crypto companies have been affected by a data breach at HubSpot, a marketing and sales platform that stores customer information."
"Crypto venture capital firm Pantera Capital said in February that its Hubspot account had been compromised, and followed up with an email to its clients on March 19."
"Pantera's HubSpot account was recently compromised. Any email regarding a "Pantera Coin" token sale is a scam. We'll follow up with more details when we resolve this issue."
"HubSpot said on Saturday (19 March) that it became aware of a compromised employee account the previous day. The company believes data was exported from around 30 of its clients, “all of whom have been notified”."
"The breach has rippled through the crypto industry: As of Monday, crypto lending platform BlockFi, bitcoin-purchasing automation platform Swan Bitcoin, bitcoin company NYDIG, peer-to-peer payments technology company Circle and cryptocurrency fund Pantera Capital (which was hit a month prior) had been affected."
"Decrypt published a letter that Pantera Capital, an American hedge fund that specializes in cryptocurrencies, sent out to its customers, which said "Pantera uses Hubspot as a client relationship management platform. The information that may have been accessed includes first and last names, email addresses, mailing addresses, phone numbers, and regulatory classifications,""
"Adam Healy, chief security officer at BlockFi, said that vendors like HubSpot who are “trusted with client information” are “subjected to a number of reviews.”"
"“However, even in those cases, vendors can make mistakes and as evidenced by Friday’s events have incidents that impact us and our clients,” Healy said in a statement sent to Blockworks."
"The investigation of the bad actor’s activity confirmed that this was a targeted attack focused on customers in the cryptocurrency industry. There was no evidence of suspicious activity within targeted customer accounts after March 18, 2022."
"While it is unclear what the attacker planned to do with this information, Coindesk reported that some users saw an uptick in phishing emails over the weekend, attempting to lure them into putting their passwords into a fake company website."
"[The] rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday."
"A full list of the affected clients has not been published, but [HubSpot] said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”."
"Since the incident, we have taken steps to enhance our security and to prevent a similar attack from occurring in the future. While our investigation has concluded and remediation completed, we remain committed to improving our security through regular assessments and testing."
"Hubspot says it's around 30 crypto companies in the hack. Fewer than 10 have divulged so far."
This exchange or platform is based in the United States, or the incident targeted people primarily in the United States.
What Happened
| Date | Event | Description |
|---|---|---|
| February 17th, 2021 12:57:37 PM MST | Transaction Paying For Pantera Coin | A blockchain transaction sending 2 ETH to the scammer's wallet appears[3]. |
| February 17th, 2021 1:43:00 PM MST | Pantera Capital Posts On Twitter | Pantera Capital posts about the breach on Twitter[4]. |
| February 17th, 2021 2:17:00 PM MST | Coinforensics Tweet | Coinforensics reports that not only did they get an email from Pantera Capital announcing the new coin, but that emailing the official address of Pantera Capital also returned a response from the scammers[5]. They report the attacker's wallet address[6][7]. |
| February 17th, 2021 2:29:00 PM MST | David Zeiler Tweet | Twitter user David Zeiler posts a warning and a screenshot of the email he received promoting the Pantera Coin[8]. |
| February 18th, 2021 2:37:00 AM MST | Users Still Confused | Even at this time, there appears to still be confusion. A user charlemhk shares a screenshot of the message asking if it's legitimate[9]. |
| March 19th, 2022 | HubSpot Issues Press Release FAQ | According to HubSpot's website, they published the statement and FAQ on March 19th. (No time is provided and the page was not captured by archive until the following day.) They state that "[o]n March 18, a bad actor compromised a HubSpot employee account and used it to access data within fewer than 30 HubSpot accounts."[10][11] HubSpot also set up a public FAQ page on their website to provide more information. They report that the breach exported contact data from fewer than 30 HubSpot portals, all of which have been notified. HubSpot believes the incident to be targeted at customers in the cryptocurrency industry and has taken measures to terminate access for the compromised employee account and prevent other employees from taking certain actions in customer accounts. Customers who have been impacted by the breach should contact their respective companies for information about what data was shared and any necessary steps they need to take[12][13]. |
| March 21st, 2022 8:17:00 AM MDT | CoinDesk Article Published | CoinDesk publishes an article on the incident[14]. They report that a data breach at third-party marketing vendor HubSpot has impacted BlockFi, Swan Bitcoin, NYDIG, and Circle, among others, who maintain their customers' funds are still safe and secure. While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. HubSpot has not disclosed the full extent of the breach, and an investigation is ongoing. This is copied to Yahoo Finance[15]. |
| March 21st, 2022 10:53:00 AM MDT | Cory Klippsten Criticism | Swan Bitcoin CEO Cory Klippsten criticizes the industry since close to 30 companies appear to have been breached and fewer than 10 have disclosed it publicly. He announces that his company is severing relations[16]. |
| March 21st, 2022 11:57:00 AM MDT | Blockworks Article Published | Blockworks publishes an article on the situation. They report that multiple crypto companies were affected, including NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin. They report that Pantera Capital was breached a month earlier, and reference a tweet about a breach from a year and a month earlier. The data breach saw user information leaked to hackers, but not passwords or sensitive personal information. It is believed to have been a “targeted incident focused on customers in the cryptocurrency industry”. Affected companies maintain customer funds are still safe and secure, and are monitoring the situation closely. The full extent of the HubSpot hack is still unknown and the investigation is reportedly still ongoing[17]. |
| March 22nd, 2022 3:10:55 AM MDT | Silicon Republic Article | Silicon Republic reports that cryptocurrency companies, including Swan Bitcoin, BlockFi, NYDIG, Pantera Capital, and Circle, were among the 30 affected by a data breach at marketing and sales platform HubSpot. The company confirmed that a “bad actor” compromised an employee account and exported contact data from a small number of customer accounts. While it is unclear what the attacker planned to do with the information, phishing emails have been reported attempting to trick users into submitting their passwords into a fake company website[18][19]. |
| March 24th, 2022 11:11:00 AM MDT | ThreatPost Article Published | ThreatPost publishes an article on the situation. They report that HubSpot, a marketing platform used by over 135,000 customers, suffered a data breach due to a rogue employee who targeted the company's cryptocurrency customers. At least 30 crypto firms were affected, including BlockFi, Swan Bitcoin, Circle, and NYDIG. The stolen data included contact data, names, emails, account types, phone numbers, and in some cases, company names. While there was no loss of sensitive financial or personal data, such as Social Security numbers or tax IDs, there was the inclusion of a "limited historical snapshot of USD deposits" and about 1.2% of the dataset included clients' intended investment areas or the median net worth of their approximate geographic locales[20]. |
Total Amount Lost
The total amount lost is unknown.
Immediate Reactions
Pantera Capital Announcement on Twitter
Pantera Capital posted about the breach on Twitter[4].
"Pantera's HubSpot account was recently compromised. Any email regarding a "Pantera Coin" token sale is a scam. We'll follow up with more details when we resolve this issue."
Other Twitter Users Issuing Warnings
- GoingParabolic: "Do not send Eth to the Pantera Coin project. It is a scam."[22]
- davejevans: "Fraud against Pantera investors and the crypto community."[23]
- ubitquity_io: "Dan Morehead of @PanteraCapital sent out a disclaimer about scammers soliciting investors for a "Pantera Coin". Mr. Morehead did not send this email and there is no such project."[24]
Still Some Confusion
It appears that there was still confusion over the legitimacy of the email going into the night[9].
"I revived a newsletter from @PanteraCapital for the Pantera coin offering but I’m not sure if it’s a scam or not. Is it legitimate @dan_pantera?"
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
General Prevention Policies
Privacy-conscious customers can set up separate email addresses for each service easily, and avoid providing their phone number when possible. Any received emails must be viewed with scrutiny. Interact with companies only through their official websites and confirm anything with the company directly if it promises a significant reward or threatens access to your funds.
Platforms should put in place multi-signature access control on customer data, which requires the approval of multiple people to enable the mass download of data.
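One way to implement the multi-person approval described above, as an added example that is not code from HubSpot, Pantera or the original page: a gate that lets small lookups through but refuses a mass export until two approvers other than the requester have signed that exact request. The thresholds, user names, keys and function names are all hypothetical.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

BULK_THRESHOLD = 100     # assumed: exports above this many records need approval
REQUIRED_APPROVALS = 2   # assumed: distinct approvers, not counting the requester
APPROVAL_TTL = 900       # assumed: a request is only approvable for 15 minutes

# Constructed per-approver secrets; a real system would use hardware-backed keys.
APPROVER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}

@dataclass(frozen=True)
class ExportRequest:
    requester: str
    portal_id: str
    record_count: int
    created_at: float

    def digest(self) -> bytes:
        # Approvals are bound to every field, so they cannot be moved
        # to a different portal, size or requester.
        msg = f"{self.requester}|{self.portal_id}|{self.record_count}|{self.created_at}"
        return hashlib.sha256(msg.encode()).digest()

def sign_approval(approver: str, req: ExportRequest) -> bytes:
    """Return the approver's MAC over this exact request."""
    return hmac.new(APPROVER_KEYS[approver], req.digest(), hashlib.sha256).digest()

def authorize_export(req: ExportRequest, approvals: dict, now=None):
    """Return (allowed, reason). approvals maps approver name -> MAC tag."""
    now = time.time() if now is None else now
    if req.record_count <= BULK_THRESHOLD:
        return True, "below bulk threshold"
    if now - req.created_at > APPROVAL_TTL:
        return False, "request expired"
    valid = set()
    for approver, tag in approvals.items():
        key = APPROVER_KEYS.get(approver)
        if key is None or approver == req.requester:
            continue  # unknown approver, or requester approving their own export
        expected = hmac.new(key, req.digest(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            valid.add(approver)
    if len(valid) >= REQUIRED_APPROVALS:
        return True, "approved by " + ", ".join(sorted(valid))
    return False, f"{len(valid)} of {REQUIRED_APPROVALS} approvals"
```

With this gate, one compromised employee account can still read individual records but cannot export a whole portal's contact list on its own.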
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- [1] Home | Pantera (Jul 14, 2022)
- [2] HubSpot Security Program (Jul 20, 2022)
- [3] Blockchain Transaction for 2 ETH to the Scammer - Etherscan (Jul 20, 2022)
- [4] PanteraCapital - "Pantera's HubSpot account was recently compromised. Any email regarding a "Pantera Coin" token sale is a scam. We'll follow up with more details when we resolve this issue." - Twitter (Jul 20, 2022)
- [5] coinforensics - "The HubSpot account of @PanteraCapital has been compromised and a fake Pantera Coin ICO email has been sent. if you send an email to the official email address (ir@panteracapital.com) you will get a response from the scammer." - Twitter (Jul 20, 2022)
- [6] Coinforensics - So far, around 3 ETH lost to this scam. - Twitter (Apr 24, 2023)
- [7] Attacker's Wallet Address - Etherscan (Jul 20, 2022)
- [8] David Zeiler - "RED ALERT! If you received an email from #Pantera today seeking #Ethereum in exchange for some new #crypto called Pantera Coin, do NOT fall for it. It's a #scam." - Twitter (Jul 20, 2022)
- [9] charlemhk - "I revived a newsletter from @PanteraCapital for the Pantera coin offering but I’m not sure if it’s a scam or not." - Twitter (Jul 20, 2022)
- [10] HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website (Jul 20, 2022)
- [11] HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 6:18:05 PM MDT (Apr 24, 2023)
- [12] Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- [13] Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 8:03:24 PM MDT (Apr 24, 2023)
- [14] HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - CoinDesk (Apr 24, 2023)
- [15] HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - Yahoo Finance (Jul 20, 2022)
- [16] Cory Klippsten - "Hubspot says it's around 30 crypto companies in the hack. Fewer than 10 have divulged so far." - Twitter (Jul 20, 2022)
- [17] NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach - Blockworks (Jul 20, 2022)
- [18] HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic (Jun 26, 2022)
- [19] HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic Archive March 22nd, 2022 4:07:55 AM MDT (Apr 24, 2023)
- [20] HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost (Jun 20, 2022)
- [21] https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 21, 2021)
- [22] GoingParabolic - "Do not send Eth to the Pantera Coin project. It is a scam. " - Twitter (Jul 20, 2022)
- [23] davejevans - "Fraud against Pantera investors and the crypto community." - Twitter (Jul 20, 2022)
- [24] ubitquity_io - "Dan Morehead of @PanteraCapital sent out a disclaimer about scammers soliciting investors for a "Pantera Coin". Mr. Morehead did not send this email and there is no such project." - Twitter (Jul 20, 2022)