BlockFi Hubspot Data Breach
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
BlockFi is a platform which allows users to provide their cryptocurrency and earn a high rate of return, as the platform lends out the funds to other users. The company used HubSpot to assist with managing their customer relationships. HubSpot suffered a data breach and names, email addresses, and phone numbers of customers were leaked. An announcement was made and the employee at the company who enabled the breach has been fired. Customers must be aware for future phishing scams which may target them.
About BlockFi
BlockFi is a crypto management platform that offers various services, including earning interest on cryptocurrency holdings, borrowing cash against crypto assets, buying and selling crypto, and accessing other bank-like features[3][4]. The platform aims to provide users with the opportunity to earn more from their crypto, offering interest rates as high as 8.6% per year on certain cryptocurrencies[3]. It offers accounts for different cryptocurrencies and provides benefits such as no hidden fees, no minimum balance requirements, and instant fund transfers[3]. BlockFi allows users to earn interest on their holdings through its BlockFi Interest Account (BIA), where they can deposit crypto and earn returns[3]. Users can also borrow funds against their crypto assets and pay as low as 4.5% APR while maintaining access to their crypto[3]. Additionally, BlockFi supports trading of cryptocurrencies and stablecoins within the platform, offering instant transactions, competitive pricing, and immediate interest accrual[3]. The platform also caters to institutional clients, providing services like secure crypto trading, borrowing, lending, and earning returns on holdings[3]. Furthermore, BlockFi plans to launch the world's first bitcoin rewards credit card, allowing users to earn 1.5% back in bitcoin on every purchase[3]. The platform is known for its mobile app, which enables users to manage their accounts, earn interest, borrow money, and perform other functions on the go[3]. BlockFi has gained attention for its BlockFi Bitcoin Trust, which suggests the company is preparing to launch a bitcoin exchange-traded fund (ETF)[3]. Overall, BlockFi aims to provide users with maximum security, transparency, and control over their accounts, with no hidden fees or minimum balance requirements[3].
Zero-Fee Trading Platform
BlockFi has introduced zero-fee trading for Bitcoin, Ethereum, and GUSD stablecoin[4]. The new trading feature enables users to trade one cryptocurrency asset for another without any fees[4]. The revenue will come from selling trade data and consumer behavior information to institutional cryptocurrency firms, which will also act as market makers to enhance liquidity[4]. BlockFi assures users that their data will be anonymized and no personalized records will be shared[4]. The company plans to deepen partnerships with market makers who have been clients and investors in the startup[4]. BlockFi made the decision to enter trading after a customer survey revealed a significant portion of withdrawals were used for trading activities[4]. The startup intends to add more cryptocurrency options, such as USDC and Litecoin, and attract new traders to its platform[4].
"BlockFi is a crypto management platform that lets you leverage your cryptocurrency and put it to fair use." "This platform has been around since 2017, and while it’s independently owned, several financial giants like SoFi and Fidelity back it." "At BlockFi, you can earn up to 8.6% interest per year on your cryptocurrency holdings, borrow cash, buy and sell crypto, and access other bank-like services. It’s like an all-in-one crypto bank." "Today, a growing number of users are using BlockFi as a bank for their cryptocurrency. Just like you use Bank of America or a Credit Union for your fiat currency, you can use BlockFi for your cryptocurrency."
"BlockFi [recently] introduced trading at no fees for Bitcoin, Ethereum and the stablecoin GUSD. The startup has been known to allow users access to returns on their cryptocurrency holdings by offering loans to borrowers against users’ cryptocurrency holdings and then passing across the returns in terms of interest on the loans while securing the crypto assets that were used as security for the loans."
"As part of Hubspot being used for CRM and marketing processes, BlockFi stored data that included name, email, and phone number for a majority of our clients."
"As Cointelegraph reported, hackers gained entry to BlockFi’s shopper data that was hosted on Hubspot, a client relationship administration platform."
About HubSpot
HubSpot is a CRM platform offering a suite of software, integrations, and resources to connect marketing, sales, content management, and customer service[5]. The platform consists of products that can be used individually or together to achieve optimal results[5]. The Marketing Hub helps with traffic growth, lead generation, marketing automation, and analytics[5]. The Sales Hub provides insights into prospects, automates tasks, and facilitates deal closures[5]. The Service Hub focuses on customer service, connecting with customers, and turning them into promoters[5]. The CMS Hub offers flexible content management for marketers and powerful features for developers[5]. The Operations Hub synchronizes applications, cleans and curates customer data, and automates processes[5].
HubSpot was founded in 2006 by Brian Halligan and Dharmesh Shah at MIT[6]. The company experienced significant revenue growth, from $255,000 in 2007 to $15.6 million in 2010[6]. They expanded their offerings by acquiring Oneforty, a Twitter app store, and introducing personalized website software[6]. Initially targeting small businesses, HubSpot later served larger companies up to 1000 employees[6]. In 2014, they filed for an IPO and raised over $140 million[6]. HubSpot's stock has performed well, reaching a peak of $841.26 in 2021[6]. They made strategic acquisitions, including Kemvi in 2017 and The Hustle, a content and email newsletter company, in 2021. Yamini Rangan became the CEO in September 2021, while Brian Halligan transitioned to Executive Chairman[6].
HubSpot emphasizes the importance of security, privacy, and control in its products[7]. It offers a comprehensive approach to data security, privacy, and control, providing tools that empower teams to achieve compliance and a secure infrastructure to protect data[7]. HubSpot is trusted by over 121,000 customers in more than 120 countries, including notable organizations such as KPMG, WWF, GoFundMe, Cybereason, LegalZoom, and CancerIQ[7]. The company takes a proactive approach to privacy and security, ensuring that its products meet established standards[7]. HubSpot follows a defense-in-depth approach, implementing multiple layers of security throughout the organization[7]. It complies with industry best practices, such as the OWASP Top 10 and the CIS Critical Security Controls, to continuously improve its security program. HubSpot prioritizes data privacy, ensuring that customer data is protected and used only as permitted in its Customer Terms of Service and Privacy Policy[7]. It offers features like GDPR compliance tools, customizable consent tracking, and subscription settings to help customers comply with data privacy regulations[7]. HubSpot's CRM platform is built on secure software development processes and includes features like SSL certificates, single sign-on, two-factor authentication, and password protection for enhanced security[7]. Customers can access resources like GDPR compliance information, privacy policy details, legal documentation, and security reports through HubSpot's Trust Center[7]. The company also addresses frequently asked questions about its infrastructure, regional data hosting, certifications, encryption, and other security measures[7]. Overall, HubSpot provides software that is secure, reliable, and designed to scale with businesses[7].
HubSpot's CMO predicts that AI will revolutionize business in the future[8]. HubSpot supports its users with free courses, certifications, resources, and a dedicated customer support team[8]. It also has a thriving user community, user groups, blogs, and an app marketplace with numerous integrations[8].
The Reality
Some employees of HubSpot have access to HubSpot accounts. This access is intended to be used to assist customers[9]. Users should be aware that it often includes the past behavioural history of individual users. Such information is highly valuable in creating an effective social engineering attack[9].
“While it is true that financial data is not stored in the CRM, you should be aware that data associated with the users of these companies and their behaviors is logged in the CRM. This puts users in a unique position to be targeted in social engineering attacks.” - HubSpot super admin Robert Warren
According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.”
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| June 30th, 2021 2:43:00 PM MDT | Interest Rates Reduced | Crypto lending platform BlockFi is reducing interest rates on certain crypto asset deposits, citing changing market dynamics and borrowing demand from institutional investors. The decision affects deposits of cryptocurrencies such as Bitcoin, Ether, Chainlink, and Litecoin, with the annual percentage yield (APY) for Bitcoin deposits over 20 BTC dropping to 0.25% from 0.5%. BlockFi's move contrasts with other major lending desks like Genesis and Ledn, which are not planning to lower their rates for Bitcoin deposits, as they are experiencing increased borrowing demand. The decision has led to snarky comments on Twitter. The Grayscale Bitcoin Trust (GBTC) arbitrage trade, which involves borrowing Bitcoin and exchanging it for GBTC shares, may have influenced BlockFi's decision. BlockFi recently disclosed holding $1.7 billion in GBTC shares. GBTC shares are currently trading at a discount to the net asset value (NAV), diminishing the attractiveness of the arbitrage trade. BlockFi raised $350 million in a Series D funding round in March, and rumors suggest another funding round worth several hundred million dollars is underway. Despite the rate reduction, BlockFi aims to exceed its $500 million revenue goal for 2021[1]. |
| March 15th, 2022 | Social Engineering Attack | On March 15th, at an unspecified time, a HubSpot employee fell victim to a social engineering attack which persuaded the employee to provide the necessary credentials and multi-factor authentication[10]. |
| March 17th, 2022 | Client Data Exported | It is reported by Hubspot that contact data and user data was exported on March 17th and March 18th through an internal support tool called "just-in-time access" (or JITA)[10]. |
| March 18th, 2023 7:00:00 AM MDT | Hubspot Realized Breach | HubSpot reports they first "became aware of this unauthorized activity. [They] took prompt action to shut down the bad actor’s access and investigate its impact."[10] |
| March 18th, 2022 6:47:00 PM MDT | BlockFi Issues Statement on Twitter | BlockFi shares a statement regarding the incident on Twitter. This statement mentions that they learned of a "data incident" and assures that "client funds are safeguarded and were not impacted", and that "account passwords, government-issued ID numbers and social security numbers were never stored on Hubspot"[11]. |
| March 19th, 2022 | Hubspot Issues Press Release FAQ | According to HubSpot's website, they published the statement and FAQ on March 19th. (No time is provided and the page was not captured by archive until the following day.) The state that "[o]n March 18, a bad actor compromised a HubSpot employee account and used it to access data within fewer than 30 HubSpot accounts."[12][13] Hubspot also set up a public FAQ page on their website to provide more information. They report the breach exporting contact data from fewer than 30 HubSpot portals, all of which have been notified. HubSpot believes the incident to be targeted at customers in the cryptocurrency industry and has taken measures to terminate access for the compromised employee account and prevent other employees from taking certain actions in customer accounts. Customers who have been impacted by the breach should contact their respective companies for information about what data was shared and any necessary steps they need to take[14][15]. |
| March 21st, 2022 8:17:00 AM MDT | CoinDesk Article Published | CoinDesk publishes an article on the incident[16]. They report that a data breach at third-party marketing vendor HubSpot has impacted BlockFi, Swan Bitcoin, NYDIG, and Circle, among others, who maintain their customers' funds are still safe and secure. While user information was leaked to hackers, the affected companies said passwords and other internal information were not affected. HubSpot has not disclosed the full extent of the breach, and an investigation is ongoing. This is copied to Yahoo Finance[17]. |
| March 21st, 2022 10:53:00 AM MDT | Cory Klippsten Criticism | Swan Bitcoin CEO Cory Klippsten criticizes the industry since close to 30 companies appear to have been breached and fewer than 10 have disclosed it publicly. He announces that his company is severing relations[18]. |
| March 21st, 2022 11:57:00 AM MDT | Blockworks Article Published | Blockworks publishes an article on the situation. They reported multiple crypto companies were affected including NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin. They report that Pantera Capital was breached a month earlier, and reference a Tweet from a separate breach a year and a month ago. The data breach saw user information leaked to hackers, but not passwords or sensitive personal information. It is believed to have been a “targeted incident focused on customers in the cryptocurrency industry”. Affected companies maintain customer funds are still safe and secure, and are monitoring the situation closely. The full extent of the HubSpot hack is still unknown and the investigation is reportedly still ongoing[19]. |
| March 21st, 2022 5:05:26 PM MDT | Bitcoin Magazine Article | Bitcoin Magazine publishes an article on the Hubspot data breach[20]. They report the unauthorized user with "super admin" access exported contact lists and data, including IP addresses, email histories, customer browsing behavior, financial value, and help tickets. While financial data was not compromised, the loss of user persona and behavioral data is severe, and users should expect spear phishing and spam attacks. Users are advised to be cautious of unsolicited communications and to use privacy best practices when browsing, buying, and communicating online[21]. |
| March 22nd, 2022 3:10:55 AM MDT | Silicon Republic Article | Silicon Republic reports that cryptocurrency companies, including Swan Bitcoin, BlockFi, NYDIG, Pantera Capital, and Circle, were among the 30 affected by a data breach at marketing and sales platform HubSpot. The company confirmed that a “bad actor” compromised an employee account and exported contact data from a small number of customer accounts. While it is unclear what the attacker planned to do with the information, phishing emails have been reported attempting to trick users into submitting their passwords into a fake company website[22][23]. |
| March 24th, 2022 11:11:00 AM MDT | ThreatPost Article Published | ThreatPost publishes an article on the situation. They report that HubSpot, a marketing platform used by over 135,000 customers, suffered a data breach due to a rogue employee who targeted the company's cryptocurrency customers. At least 30 crypto firms were affected, including BlockFi, Swan Bitcoin, Circle, and NYDIG. The stolen data included contact data, names, emails, account types, phone numbers, and in some cases, company names. While there was no loss of sensitive financial or personal data, such as Social Security numbers or tax IDs, there was the inclusion of a "limited historical snapshot of USD deposits" and about 1.2% of the dataset included clients' intended investment areas or the median net worth of their approximate geographic locales[24]. |
| April 3rd, 2022 4:28:56 AM MDT | Mentioned In CoinTelegraph Article | The situation is mentioned in a CoinTelegraph article[25]. They mention that "New Jersey-based crypto financial institution BlockFi proactively confirmed a data breach to warn investors about the possibility of phishing attacks." None of the other platforms are included here[26]. |
Technical Details
According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.”
Total Amount Lost
No funds were lost.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
According to BlockFi: “Hubspot has confirmed that an unauthorized third-party gained entry to certain BlockFi shopper data housed on their platform.”
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
"On Mar. 19, New Jersey-based crypto financial institution BlockFi proactively confirmed an info breach to warn merchants in regards to the alternative of phishing assaults."
"While specifics on the breached data are however to be acknowledged and revealed, BlockFi reassured prospects by highlighting that personal data — along with passwords, government-issued IDs and social security numbers — “have been certainly not saved on Hubspot.”"
"We are working with Hubspot as the continue their investigation to understand the full scope of impact."
BlockFi Issued Public Statement
BlockFi issued a public statement about the breach[11].
On Friday, March 18, 2022, BlockFi learned of a data incident at one of our third-party vendors, Hubspot, a client relationship management platform. Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.
To be clear, BlockFi's internal systems and client funds are safeguarded and were not impacted. We can also confirm that BlockFi account passwords, government-issued ID numbers and social security numbers were never stored on Hubspot. The incident occurred at Hubspot and we are notifying you directly so that you can take actions to further protect yourself. No action is needed on your BlockFi account at this time.
The protection and safekeeping of our systems and clients' assets are of the utmost importance. We will continue to keep you updated as this process evolves.
"A rogue employee working at HubSpot – used by more than 135,000 (and growing) customers to manage marketing campaigns and on-board new users – has been fired over a breach that zeroed in on the company’s cryptocurrency customers, the company confirmed on Friday."
"A full list of the affected clients has not been published, but [HubSpot] said it appeared to be a “targeted incident focused on customers in the cryptocurrency industry”."
Ultimate Outcome
Employee Responsible For Breach Fired
The hacker compromised a HubSpot employee account and focused on stealing data from cryptocurrency industry customers[9]. The "rogue" HubSpot employee was fired over the breach that targeted the company's cryptocurrency customers[9].
Total Amount Recovered
There do not appear to have been any funds lost in this case.
Ongoing Developments
HubSpot has provided limited details into their upgraded security model, and there are presently suspected to be dozens of other crypto companies who were also using HubSpot and did not publicly disclose this information breach.
Ongoing Phishing Attack Risk
Although no sensitive financial or personal data was included, security specialists have raised concerns about the potential for social engineering attacks using the exfiltrated information[9].
Upgrades To HubSpot Security Model
Hubspot reportedly has "taken steps" to "enhance" their security which they believe will "prevent a similar attack from occurring in the future". They "remain committed to improving [their] security through regular assessments and testing"[10].
Since the incident, we have taken steps to enhance our security and to prevent a similar attack from occurring in the future. While our investigation has concluded and remediation completed, we remain committed to improving our security through regular assessments and testing.
With limited tangible details provided publicly, it remains to be seen how effective these new security measures will be at preventing future breaches.
Many Companies Not Disclosing Breach
According to Swan Bitcoin CEO Cory Klippsten reported that HubSpot had indicated "around 30 crypto companies [were affected by] the hack"[18]. The only companies which appear to have reported the breach so far are Swan Bitcoin, BlockFi, NYDIG, and Circle. (Pantera Capital suffered a separate HubSpot breach a year prior, and was not part of this incident.)
If this is true, it could indicate around 26 companies who had customer data breached and did not report the issue. Users of other cryptocurrency services should be on guard that their data may have been breached in the HubSpot incident.
Individual Prevention Policies
Most companies have insecurities. Any information provided to a company may be breached or abused.
Protection Of Personal Information
Obviously, anything you can do to minimize the amount of information which you provide to websites will reduce your risk.
Set up separate email addresses for each service, and avoid providing your phone number whenever possible. Any received emails or phone calls must be viewed with scrutiny, especially if unsolicited. Interact with companies only through their official websites and confirm anything with the company directly via multiple official sources, especially if it promises a significant incentive to take an action or threatens access to your funds if an action is not taken. It would be recommended to also establish a network of multiple trusted individuals who use the same services and have a strong level of security knowledge.
Never Give Access To Your Funds
In a typical cryptocurrency fraud, malicious actors try to use the available information to convince you to give them authorization to access or transfer funds. This can be accomplished via tricking you into providing a private key or seed phrase, signing a transaction that grants them permission to move funds, or installing malware on your device. In most cases, this will be accomplished via a greed or fear trigger, and you should be on extra guard when experiencing those emotions.
Private keys can be obtained through seed phrases, mnemonics, private key files, mobile synchronization screens, wallet export features, wallet backups, etc... Never ever send these to anyone else who you do not intend to allow to take all of your money. Attackers will use a wide variety of tactics to convince you like pretending to be your wallet software, pretending they work for the wallet software, or asking you to screen share. Don't fall for them.
Any time untrusted software is being run is an opportunity for abuse. It is recommended to always interact with cryptocurrency in a fully controlled environment, which is an environment where you have understanding of every piece of software running there. Using a hardware wallet, spare computer with all software wiped, and/or virtual machine with only the needed software greatly reduces your attack surface. Take the time to verify downloaded files come from the correct and expected source and match available hashes if provided. Any time you encounter a new file, always check if it can contain executable code prior to using it.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Platforms should put in place multi-signature access control on all customer data, which requires the approval of multiple people to enable the download of data. An external security review should be conducted regularly. If information is lost in a breach, the level of damage can be minimized by educating users about potential scams and frauds that they may encounter. Platforms should be prepared to assist with victims, which could be done through an industry insurance fund.
Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
All points along the communication and supply chain should be inspected for vulnerabilities. Common vulnerability points may include DNS, Discord, and customer information. What steps are required to access and/or modify the component? Do any third party companies or organizations implement a proper multi-signature approach? What additional security options are available?
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
While the best solution is to reduce the amount of information collected, a combination of increased education, improved security, and a collective industry insurance fund can also prevent and mitigate the outcome of a similar data breach.
Private Identity Key Protocol
A key challenge is the increased reliance on an incredible amount of personal data by financial firms. Having this information shared as part of a normal business relationship and floating around on multiple platforms poses a severe risk to all users when it comes to identity theft, phishing attacks, and other targeted criminal activities. While various frameworks have been proposed for how platforms can safeguard this information, they all suffer from the problem of depending on individuals within the organization who can be coerced, bribed, or tricked into violating the policies. They also do not address situations in which customers divulge information to unregulated platforms, either deliberately or by being tricked via a phishing attack. Criminals only need to breach one platform, and the information is permanently exposed to the black market. As an alternative, a single digital access token could be used to validate identity, with the associated personal information stored in a single secure location. The personal information is much less likely to be breached. If the token is breached on any third party platform, the access token can be revoked and swapped with a new token, while criminals have no way of utilizing the old token.
Increased Education For Cryptocurrency Users
Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.
Third Party Security Assessments
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Establish Industry Insurance Fund
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 BlockFi Rate Cut on Bitcoin Deposits Leaves Rivals Scratching Heads - CoinDesk (Jul 5, 2021)
- ↑ BlockFi Review 2021: Fees, Services & More (Jul 5, 2021)
- ↑ 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.07 3.08 3.09 3.10 BlockFi Review: Does BlockFi Work? Is It Legit or Too Risky? - Observer (Jul 5, 2021)
- ↑ 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 BlockFi Offers Zero-Fee Trading for Bitcoin, Ethereum and GUSD Stablecoin - CoinSpeaker (Jul 5, 2021)
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 5.6 HubSpot Homepage (Jun 27, 2023)
- ↑ 6.0 6.1 6.2 6.3 6.4 6.5 6.6 HubSpot - Wikipedia (Jun 27, 2023)
- ↑ 7.00 7.01 7.02 7.03 7.04 7.05 7.06 7.07 7.08 7.09 7.10 HubSpot Security Program - Hubspot Website (Jul 20, 2022)
- ↑ 8.0 8.1 8.2 HubSpot Homepage (Jun 27, 2023)
- ↑ 9.0 9.1 9.2 9.3 9.4 HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost (Jun 20, 2022)
- ↑ 10.0 10.1 10.2 10.3 Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ 11.0 11.1 BlockFi - "Regarding recent third-party data incident" - Twitter (Jun 20, 2022)
- ↑ HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website (Jul 20, 2022)
- ↑ HubSpot's Statement Regarding March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 6:18:05 PM MDT (Apr 24, 2023)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website (Jun 26, 2022)
- ↑ Information About HubSpot's March 18, 2022 Security Incident - Hubspot Website Archive March 20th, 2022 8:03:24 PM MDT (Apr 24, 2023)
- ↑ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - CoinDesk (Apr 24, 2023)
- ↑ HubSpot Hack Leads to Data Breaches at BlockFi, Swan Bitcoin, NYDIG and Circle - Yahoo Finance (Jul 20, 2022)
- ↑ 18.0 18.1 Cory Klippsten - "Hubspot says it's around 30 crypto companies in the hack. Fewer than 10 have divulged so far." - Twitter (Jul 20, 2022)
- ↑ NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach - Blockworks (Jul 20, 2022)
- ↑ How HubSpot Data Breach Hits Bitcoiners - Bitcoin Magazine Archive March 21st, 2022 5:05:26 PM MDT (Apr 25, 2023)
- ↑ How HubSpot Data Breach Hits Bitcoiners - Bitcoin Magazine - Bitcoin News, Articles and Expert Insights (Jul 19, 2022)
- ↑ HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic (Jun 26, 2022)
- ↑ HubSpot hack leads to multiple Web3 and crypto company data breaches - Silicon Republic Archive March 22nd, 2022 4:07:55 AM MDT (Apr 24, 2023)
- ↑ HubSpot Data Breach Ripples Through Crytocurrency Industry - Threatpost (Jun 20, 2022)
- ↑ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph Archive April 3rd, 2022 4:30:56 AM MDT (Apr 24, 2023)
- ↑ Trezor investigates potential data breach as users cite phishing attacks - CoinTelegraph (May 21, 2022)
Cite error: <ref> tag with name "hubspot-8171" defined in <references> is not used in prior text.