NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach

HubSpot – which stores users’ names, email addresses and phone numbers – said that the breach was a “targeted incident focused on customers in the cryptocurrency industry”

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • Around 30 clients were impacted, but the full list has not been released yet from HubSpot, nor is the precise nature of the data known
  • Companies known to be affected said customer funds are still safe and secure

In an attempt to target large crypto stakeholders, hackers breached third-party marketing vendor HubSpot last week.

NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among those hit by the data breach, per outreach emails reviewed by Blockworks. Affected companies maintain customer funds are still safe and secure. User information was leaked to hackers, but passwords and other sensitive personal information were not. 

HubSpot — which stores users’ names, email addresses and phone numbers — said that the breach was a “targeted incident focused on customers in the cryptocurrency industry.”

One “bad actor,” according to a spokesperson from HubSpot, had “compromised a HubSpot employee account” to access the information. Around 30 clients were impacted, all of whom have been informed.

“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts,” the Massachusetts-based company said in an email to Blockworks. “We take the privacy of our customers and their data incredibly seriously.”

Adam Healy, chief security officer at BlockFi, said that vendors like HubSpot who are “trusted with client information” are “subjected to a number of reviews.” 

“However, even in those cases, vendors can make mistakes and as evidenced by Friday’s events have incidents that impact us and our clients,” Healy said in a statement sent to Blockworks. 

Circle, the financial services firm that issued the dollar-linked stablecoin, said in a statement to Blockworks that financial transaction data was not “impacted by the security incident.” 

“We have communicated with the affected parties and will follow up with them on any material developments as we continue to monitor and investigate the incident,” a Circle spokesperson told Blockworks.

“Sensitive personal information, like Social Security numbers or government-issued identification, were not accessed as this information is not stored on HubSpot.”

Pantera Capital said that its HubSpot account had been compromised last month. The crypto VC firm sent out an email on March 19, assuring clients that their funds were still secure. 

Events like the HubSpot hack are “impossible to avoid” but pale in comparison to “traditional companies,” Greg Gopman, chief marketing and business development officer of Web3 infrastructure company Ankr, told Blockworks.

“There’s a good chance that a traditional company would have lost its customers’ funds in such a broad attack,” Gopman said. “But the blockchain is way more secure, and their treasuries weren’t even touched. Decentralized infrastructure protects data.”

The full extent of the HubSpot hack is still unclear, however, because the company hasn’t disclosed exactly how much data was leaked. The investigation is ongoing.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Top Icon.png

Research

Osmosis thrived in H2 2023 on the back of increased DeFi activity deriving from recently launched Cosmos-related projects and better market conditions. With new value accrual mechanisms for the native token, Osmosis is well-positioned to continue its strong performance in 2024.

/

article-image

The settlement ends the legal battle over eth.link, a domain once owned by imprisoned developer Virgil Griffith

article-image

TBC President Lee Bratcher told Blockworks he’s “confident” about the Council’s case against the DOE

article-image

The Monday trading volumes total passes the previous high mark set on the fund’s first day of trading nearly seven weeks ago

article-image

The hearings are expected to last for a couple of days as the court hears arguments for and against the bankruptcy plan proposed by Genesis

article-image

Equities were mixed toward the end of Monday’s session while cryptocurrencies continued their rally

article-image

Though the opposing flow trend is likely to slow over time, industry watchers note, bitcoin fund assets could one day eclipse the $90 billion gold ETF space