BLOKBOT OFFICIAL STATEMENT ON CYBERATTACK 30/11/2021
This is a general notice to inform blokbot users that at approximately 19:40 on 30 November 2021, blokbot’s Server was subject to a criminal cyber-attack.
It is not yet known who is behind this attack but steps were immediately taken to mitigate against this hack and in the spirit of transparency this notice is provided to keep our users updated and informed.
The Server was holding some “Secret Keys” and “API Keys”. The data on the Secret Keys and API Keys are used to connect though to Binance, allowing blokbot to utilise its algorithm to trade on behalf of its user’s accounts.
It appears that a malicious script was run on the Server as part of the sign-up process. Our database was compromised, but as funds are not held by blokbot, no payment information or personal details were on the Server or made available to the cyber criminals. This malicious script ran for approximately 60 minutes.
A small number of users (we have identified ten in number) have reported unusual activity on their account with the purchase of coins and then the subsequent sale at a reported loss.
What have we done to combat the cyber-attack?
We have already informed the police via Action Fraud that this attack took place against the Server.
Once we understood the nature and entry point for the hack, we mitigated immediately by doing the following:
Informed our users and liaised with those users affected by the existence of the attack;
Removed the sign-up form and any access to our backend Server so nothing could be created from now until further security measures are taken;
Went through the access logs to find the script affected and removed any access to the script;
Removed all API Keys and Secret Keys that had been stored in the database;
Disabled any access to third party code so that they could not be modified;
Removed all admin access to the website and changed all passwords;
Blocked the IP addresses of the malicious script attempting access to the Server;
Put a temporary hold on the sign-up processes and stopped all algorithmic tools from running, until improvements are made to the system;
We have liaised with Binance to ensure that no trades are made from API keys connected with blokbot.
What happens next?
The malicious entry point has been removed. We are now liaising with the relevant authorities to help identify the perpetrator of this attack.
We are taking the necessary steps to bolster our security to ensure user’s accounts are safely re-opened.
What if you have been affected?
It remains the case that blokbot does not hold any funds for any person. Any user funds are held in the user’s platform account with Binance. We do not believe at this time that any money lost will be recoverable. Nevertheless, we will assist the authorities in all endeavours to bring to justice those that have carried out this attack.
We will provide a further update as we become aware of any further information that is necessary to report.
If you have any queries, please email our team at:
DATE: 02 December 2021