From the CEO: An update on Celsius security
Our security team continues to conduct a full internal investigation. So far we know that an unauthorized party managed to gain access to a third-party email distribution system to send a phishing communication through email and SMS to some Celsius customers and others. The phishing scam’s goal was to get access to recipients’ external wallets, not Celsius wallets, by leveraging the trust that our community has in us. We know that customers who had not registered an email or phone number with Celsius also received fraudulent messages to these contact details, thus we believe the data was collected from external data sources.
I would like to reassure our community that Celsius remains fully secure and our own systems have not been breached in any way. Customer funds and sensitive data are safe within our back-end systems, and our security team has done an incredible job to identify the situation and very quickly notify the Celsius community with extreme urgency on the steps and precautions to be followed. This rapid response has helped minimize the impact to the Celsius community. Our team is providing real-time updates on the Celsius blog and on Twitter, and I will provide another update for the entire community as soon as we have new information.
This phishing scam shows once again that notwithstanding our internal security systems that prevent hacks of Celsius wallets, bad actors continue their attempts to obtain external wallet information to hack into other wallets of crypto users. It reinforces the importance of the message we have consistently delivered to our community members over the years. That is, all crypto assets delivered to Celsius remain completely secure, but with respect to any private wallets, always keep your private keys and passwords private and secure. Furthermore, we have always communicated to our customers and will continue to reinforce that Celsius will never ask for passwords, private keys, seed phrases and other confidential user credentials.
While we do assure every Celsius customer that their assets and sensitive information are safe and secure with Celsius, we are aware that some people — some Celsius customers, some not — fell prey to this phishing attack. Unfortunately, these types of attacks occur all the time on millions of internet users. Celsius community members have already begun reaching out to us, volunteering to help offset the losses that a few of their peers have incurred by falling prey to this scam. To that end, we have started a fund, and will get started with a deposit from Celsius. As we evaluate the broader impact on the Celsius community, we will determine how to appropriately match community contributions.
Donations can be made to the following wallets:
- BTC: 1KBdR5jQ9unrGxevHnFdFwphpu1nS7AD6E
- ETH: 0x7DBe022DcDef584E68bb5D75EfBac4BD3f4a53b7