- Blockfolio users got a shock this morning when they were met with a racist message
- The message was the result of a hack, which also saw the Bitcoin name replaced with a racist name
- Blockfolio owner Sam Bankman-Fried assured users that the incident was being looked at urgently
Users of cryptocurrency portfolio app Blockfolio were met with an unsavory start to the day after hackers infiltrated an RSS feed and used the notification settings to post racist comments and purported links to child pornography. The hackers also replaced the Bitcoin name with a racist name in an incident that, while not raising user funds, is a reminder that hacks of all sorts are possible in the space.
Blockfolio Users Get (Very) Rude Awakening
The racist message began doing to rounds on Twitter earlier today, with the same Blockfolio notification occurring on several coins:
A later notification included a link to “best child porn”, which some Twitter users felt the need to urge others not to click on lest it be a phishing attempt…or child pornography. It became immediately clear that the a hack was in progress, but the assumption that it had been just a hack on the notification side was soon dispelled, as the Bitcoin name was replaced by a racist term:
Blockfolio were quick to acknowledge the hack, reassuring users that funds were safe, and later offering a further update:
We are incredibly sorry about the offensive messages posted today.
1: no funds/etc. were affected; this did not interact with any trading features.
2: we have revoked access to the compromised Signal submitter and removed the messages.
— Blockfolio (@blockfolio) February 9, 2021
Alameda Promises Investigation
Blockfolio was purchased by FTX founder Sam Bankman-Fried, who also rescued SushiSwap last year, and he was immediately on the case, issuing an apology and outlining the steps that would be taken to remedy the situation:
— SBF (@SBF_Alameda) February 9, 2021
While the exact methodology behind the Blockfolio hack is not yet known, Alameda acknowledged in a later tweet that, “Way too many people had the ability to send out Signal notifications”, suggesting that an internal review of the Signal process is in the pipeline.
More information on the Blockfolio hack will likely be made public in the coming days and weeks as more is known and steps taken to prevent a repeat.