Kroll, a claims administration company keeping track of bankruptcy proceedings against BlockFi, FTX and Genesis, was targeted in a SIM-swapping attack that enabled the attacker to gain access to some cloud-based systems.
In a statement, Kroll said that a single employee was targeted, and that the attacker was successful in gaining control of the employee’s T-Mobile US account.
A more detailed account of the incident states that the attacker was able to then gain access to “files in Kroll’s cloud-based systems”, leading to details such as name, address, email address, and FTX account balance being leaked.
“There is no evidence that the attacker accessed any other Kroll accounts or systems,” the company said in a note to affected claimants.
“Moreover, Kroll did not maintain passwords to FTX accounts.”
Kroll indicated it is cooperating with authorities while also conducting its own investigation.
FTX said in a statement on X (formerly Twitter) that “non-sensitive customer data of certain claimants in the pending bankruptcy case” against it was compromised.
“Kroll has assured the FTX debtors that it promptly contained and remediated the incident, and the FTX debtors are closely monitoring the situation,” FTX said.
FTX named Kroll as its claims agent in bankruptcy proceedings against the cryptocurrency exchange late last year.
A claims agent keeps track of all financial claims made against the bankrupt company, and also keeps claimants updated on proceedings.
BlockFi said in a separate statement, also on X, that “certain… client data housed on Kroll’s platform” had been impacted.