On February 9, Blockfolio’s Signal feed was briefly compromised, resulting in some users receiving racist messages within the company’s app.
Users said that the culprits went so far as to threaten loss of funds if deposits were not removed from the crypto portfolio platform. While the derogatory messages were reportedly scrubbed by Blockfolio’s security team within about 30 minutes, the incident left many wondering how such an attack could have occurred.
Tweeting on Tuesday, SBF offered updates about the incident, alleging that a competing exchange was to blame.
“We have spent the last four hours investigating every angle and tracking down leads; we’re relieved to say that we’ve figured out what happened,” SBF tweeted, adding:
“This offensive content was produced and published by a competitor exchange of ours who maliciously gained access to someone else’s Blockfolio News/Signal capabilities.”
The FTX CEO condemned the culprit, but did not name the competitor. Access to the Signal feed reportedly did not affect or jeopardize any funds.
According to SBF, Blockfolio has completed their investigation into the matter, and the company has fixed the vulnerability that ignited the situation. The FTX CEO promised to improve the security infrastructure around Blockfolio’s non-trading protocols to prevent similar incidents in the future.
Bankman-Fried was praised by many in the cryptocurrency community for reacting swiftly and transparently to the incident, and as a measure of compensation he apparently added $10 to the trading accounts of affected users. SBF also stated that he has donated to organizations dedicated to fighting racial and societal injustices as a result of the incident.
FTX acquired Blockfolio for $150 million back in August 2020. This is not the first security-related issue the company has experienced. In May 2020, a white-hat hacker named Paul Litvak reported a security flaw that exposed the platform’s source code on older app versions to malicious actors.
At the time, Litvak revealed that the vulnerability was over two years old. Fortunately for Blockfolio, no malicious actor was any the wiser about the flaw’s existence, allowing the company to solve the issue and double-down on a commitment to user privacy.