
Betterment Data Breach Sparks Crypto Scam Wave

Summary

– Betterment, a U.S. digital investment advisor, confirmed a breach where hackers used its systems to send fraudulent crypto scam emails to a subset of its customers.
– The attacker gained access on January 9 via a compromised third-party marketing platform, not Betterment’s core technical infrastructure, so no customer accounts or credentials were accessed.
– The scam emails, appearing legitimate, promised to triple cryptocurrency deposits and exposed customer personal information like names, addresses, and dates of birth from the marketing system.
– Following the incident, Betterment faced a DDoS attack and login issues; the same threat actor had previously executed a similar scam against Grubhub in December.
– Betterment has removed the unauthorized access, is investigating, and advises customers to be vigilant, as it will never solicit sensitive information like passwords.

A major data breach at the digital investment platform Betterment has triggered a wave of cryptocurrency scams targeting its customer base. The incident highlights the persistent threat of social engineering attacks, even against established financial services firms. Hackers infiltrated a third-party marketing tool used by the company, gaining the ability to send fraudulent emails that appeared completely legitimate to a segment of its users.

The attack occurred on January 9th, when an unauthorized individual accessed a software platform Betterment employs for marketing activities. This compromised system was then used to distribute a crypto reward scam, mimicking a similar breach at food delivery service Grubhub just before Christmas. From the legitimate email address “support@e.betterment.com,” customers received messages with the subject line “We’ll triple your crypto! (Limited Time).” The body of the email falsely claimed the company was celebrating a successful year by tripling Bitcoin and Ethereum deposits for a limited three-hour window, even listing specific wallet addresses.

Betterment has confirmed that the breach did not compromise its core technical infrastructure or grant access to any customer accounts. No account credentials or sensitive financial data were exposed. However, the attacker did view certain personal information stored within the hijacked marketing system. This data included customers’ full names, email addresses, physical addresses, phone numbers, and dates of birth.

The company acted quickly, publishing a statement on the day of the incident to warn customers that the promotional offer was entirely fake and should be ignored. They also sent follow-up communications from the same email address used in the attack to clarify the situation. In a subsequent update, Betterment stated the unauthorized access had been removed and reiterated there was no indication of any breach into customer investment accounts. They have promised a detailed post-mortem report once their internal investigation concludes.

Following the initial breach report, sources indicated that Betterment faced additional cyber threats, including extortion attempts and a distributed denial-of-service (DDoS) attack. Some users experienced difficulties accessing the platform’s desktop and mobile applications during this period. The company’s latest communication emphasizes it is enhancing protections against social engineering and urging users to remain cautious of unexpected messages. They stress that Betterment will never proactively request passwords or sensitive personal information via call, text, or email.

This event mirrors a nearly identical attack on Grubhub in late December, believed to be orchestrated by the same threat actor. In that case, the hackers promised a tenfold return on cryptocurrency deposits after breaching systems used for communicating with restaurant partners. Grubhub confirmed it addressed the issue but provided no further details on the breach itself. The pattern underscores a concerning trend where attackers exploit third-party vendor access to launch convincing financial scams against large customer databases.

(Source: Bleeping Computer)
