Nansen Third-Party Affiliate Suffers Phishing Attack, Blockchain Addresses Exposed

Comments
Loading...
Zinger Key Points
  • The compromised vendor serves Fortune 500 companies and other blockchain entities.
  • Nansen CEO tells Benzinga firm will continue investing in security.

Crypto analytics firm Nansen reported a breach involving one of its third-party vendors. The hack exposed 6.8% of user emails and some blockchain addresses.

What Happened: Nansen CEO Alex Svanevik told Benzinga, "Our team has been working day and night in the last 48 hours to mitigate the impact of this incident. The root cause here was that a breach on the vendor's side gave an attacker access to admin rights in our account."

The breach, which occurred on Sep. 20, allowed the attacker unauthorized access to an account used to provision customer access to Nansen's platform.

"For us, this is naturally very disappointing, but more importantly, it's frustrating for those of our users who were impacted. We have strong data privacy policies and processes internally at Nansen, and we’ll continue investing in our security," Svanevik added.

Nansen halted the unauthorized access and initiated an investigation.

This incident comes at a time when the global focus on digital assets and their security is intensifying, a topic that will be further explored at Benzinga's Future of Digital Assets conference on Nov. 14. The conference aims to shed light on the evolving landscape of digital assets and the importance of robust security measures in the industry.

The compromised vendor, recognized for its services to Fortune 500 companies and other entities in the blockchain sector, is now under scrutiny.

Also Read: Hong Kong Authorities Block Access To JPEX, Exchange Advises User Workaround

Asked to name the vendor, Svaneik said Nansen is not disclosing the name of the vendor but has asked them to communicate on the incident publicly in case others are affected.

Preliminary findings from Nansen's investigation revealed that 6.8% of its users were affected.

While the majority had their email addresses exposed, a smaller subset had their password hashes revealed, and an even smaller group had their blockchain addresses compromised.

Affected users were emailed about the nature of their data exposure.

Reacting to the incident, Nansen dispatched emails on Sep. 21 advising impacted users to reset their passwords. The company emphasized that while they don't store passwords in plaintext, there's a risk of attackers attempting brute force attacks on accounts using the exposed email and password combination.

Nansen assured users their wallet funds remain secure, as the company never requests private keys.

However, they cautioned users to be vigilant against potential phishing attempts and to verify the authenticity of emails purportedly from Nansen.

Read Next: Mt. Gox Repayment Saga Continues, Creditors To Wait Another Year

Meet and engage with transformative Digital Asset and Crypto business leaders and investors at Benzinga's exclusive event  Future of Digital Assets. Tickets are flying   get yours!

Image by Mohamed Hassan from Pixabay

Market News and Data brought to you by Benzinga APIs

Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!