NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach

HubSpot – which stores users’ names, email addresses and phone numbers – said that the breach was a “targeted incident focused on customers in the cryptocurrency industry”

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • Around 30 clients were impacted, but the full list has not been released yet from HubSpot, nor is the precise nature of the data known
  • Companies known to be affected said customer funds are still safe and secure

In an attempt to target large crypto stakeholders, hackers breached third-party marketing vendor HubSpot last week.

NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among those hit by the data breach, per outreach emails reviewed by Blockworks. Affected companies maintain customer funds are still safe and secure. User information was leaked to hackers, but passwords and other sensitive personal information were not. 

HubSpot — which stores users’ names, email addresses and phone numbers — said that the breach was a “targeted incident focused on customers in the cryptocurrency industry.”

One “bad actor,” according to a spokesperson from HubSpot, had “compromised a HubSpot employee account” to access the information. Around 30 clients were impacted, all of whom have been informed.

“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts,” the Massachusetts-based company said in an email to Blockworks. “We take the privacy of our customers and their data incredibly seriously.”

Adam Healy, chief security officer at BlockFi, said that vendors like HubSpot who are “trusted with client information” are “subjected to a number of reviews.” 

“However, even in those cases, vendors can make mistakes and as evidenced by Friday’s events have incidents that impact us and our clients,” Healy said in a statement sent to Blockworks. 

Circle, the financial services firm that issued the dollar-linked stablecoin, said in a statement to Blockworks that financial transaction data was not “impacted by the security incident.” 

“We have communicated with the affected parties and will follow up with them on any material developments as we continue to monitor and investigate the incident,” a Circle spokesperson told Blockworks.

“Sensitive personal information, like Social Security numbers or government-issued identification, were not accessed as this information is not stored on HubSpot.”

Pantera Capital said that its HubSpot account had been compromised last month. The crypto VC firm sent out an email on March 19, assuring clients that their funds were still secure. 

Events like the HubSpot hack are “impossible to avoid” but pale in comparison to “traditional companies,” Greg Gopman, chief marketing and business development officer of Web3 infrastructure company Ankr, told Blockworks.

“There’s a good chance that a traditional company would have lost its customers’ funds in such a broad attack,” Gopman said. “But the blockchain is way more secure, and their treasuries weren’t even touched. Decentralized infrastructure protects data.”

The full extent of the HubSpot hack is still unclear, however, because the company hasn’t disclosed exactly how much data was leaked. The investigation is ongoing.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates.png

Research

The convergence of DePIN and energy generation aims to address modern grid challenges by incentivizing distributed generation.

article-image

US states are now competing for Bitcoin bragging rights

article-image

The deal is likely to fuel further M&A around derivatives trading and infrastructure, Architect Partners’ Michael Klena says

article-image

Stripe announced Stablecoin Financial Accounts, which will allow businesses to have “stablecoin-powered accounts”

article-image

The deal is made up of $700 million in cash and 11 million shares of Coinbase’s Class A common stock

article-image

Blockworks Research uses numbers to help crypto advance to a higher stage of storytelling