On April 14, the service of cryptocurrency lending Celsius Network was attacked by hackers. Unknown persons on behalf of the company sent out SMS messages and e-mail messages to some users demanding to provide confidential information.
An unauthorized party has gained access to a backup third-party mailing system containing a list of the email addresses of some of the clients, more details can be found here
https://celsiusnetwork.medium.com/celsius-security-notice-april-2021-154a587f7ca3What happened:
On April 14, 2021, Celsius customers began reporting a fraudulent website claiming to be an official Celsius platform. We also became aware of some Celsius customers receiving SMS and email messages, that claimed to be official Celsius communication, linking to that website, and prompting recipients to enter sensitive information.
What we know:
An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers.
The intent was to make the recipients believe the fraudulent email came from Celsius, that the fraudulent site was a true Celsius site, and to take ownership of recipients’ cryptocurrency assets from their personal (non-Celsius) wallet by prompting the user to provide the seed phrase to their personal wallet address.
CEO of Celsius Alex Mashinsky released a statement on this issue
https://mashinsky.medium.com/from-the-ceo-an-update-on-celsius-security-6f80b50012bd