After a third-party email delivery server was hacked by hackers, Celsius customers were targeted with fake SMS and email messages.
Celsius Network, a crypto asset loan site, has disclosed an email server breach that resulted in malicious phishing links being sent to customers.
According to an announcement made on April 15, some Celsius customers have been receiving emails and SMS messages that lead them to a malicious website impersonating the Celsius network. The messages say the link will take them to a new online wallet from Celsius, with a $500 reward for users who build a wallet using the link.
According to Celsius, the phishing links were sent after “an unauthorised party gained access to a backup third-party email distribution system that had connections to a partial customer email list,” allowing the malicious actors to threaten users with the phishing attempt.
As users click on the malicious page, they are prompted to enter the seed phrase for their personal wallet, allowing hackers to drain their funds.
While the team asserts it was able to react quickly and minimize the impacts to its users, a thread on Reddit suggests at least $300,000 worth of crypto has been stolen from Celsius’ customers, with one forum-goer, “VaporFye,” claiming to has lost 20 Ether ($50,000) to the scammer.
Celsius CEO and founder, Alex Mashinksy, sought to assure the community that “Celsius remains fully secure” and its systems “have not been breached in any way.”
“Customer funds and sensitive data are safe within our back-end systems, and our security team has done an incredible job to identify the situation and very quickly notify the Celsius community with extreme urgency on the steps and precautions to be followed.”
According to the announcement, Celsius’ staff is now aggressively researching how the unauthorised actor gained access to its third-party email system.
“We know that customers who did not register an email or phone number with Celsius received fraudulent messages to these contact details, so we believe the data was obtained from external data sources,” the article continued.
The email compromise occurred the day after Celsius’ native CEL token was listed for trading on major exchange OKEx.
Despite the incident, the price of CEL has increased by nearly 1% in the last 24 hours and by 50% in the last two weeks. According to CoinGecko, the last time Cel changed hands was for $7.03.