U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers.
The threat actor last week delivered fraudulent emails from Betterment infrastructure, luring recipients into a reward scam disguised as a company promotion that claimed to triple the amount of cryptocurrency sent to a specific address.
The company has more than one million customers, for whom it manages $65 billion in various assets. The platform is a mix between automated investment and financial advice services, and is considered one of the pioneers in the U.S. "robo-advisory" sector.
Crypto scam
On January 9, an attacker gained access to a third-party software platform that Betterment uses for marketing activity and used it to distribute a crypto reward scam, just like in the case of Grubhub right before Christmas.
"Once they gained access, the unauthorized individual was able to send a fraudulent, crypto-related message that appeared to come from Betterment to a subset of our customers," explained the firm.
The company underlined that its technical infrastructure remained secure and was not impacted in any way; no customer accounts were accessed, and no account credentials were exposed.
However, the attacker still accessed certain customer information stored on the compromised system, which was viewable by the hijacked account, including:
Full names
Email addresses
... continue reading