While the details of the incident are still unknown, it is likely that the hack was enabled by poor access management policies within Blockfolio. Strong access management requires implementing least privilege and multi-factor authentication (MFA). Least privilege limits the access of a particular user to what is necessary, which limits the damage that a user account can do if compromised.
Unlike many blockchain project hacks, this particular attack did not involve the theft of users’ money or even place it at risk. Instead, the attacker exploited a weak point in the company’s defenses to tarnish customer relationships. Analysis of this attack provides a few important takeaways for Blockfolio in particular and any blockchain company in general. In this hack, the attacker was able to take control of Blockfolio’s Signal submitter to broadcast racist and offensive messages to its users.
The target of this particular attack was Blockfolio’s customer communications infrastructure. The company uses Signal to broadcast messages to its users, enabling Blockfolio to provide direct updates to customers. Additionally, Blockfolio maintains a display and news section for customer interactions. These customer-facing systems are what were compromised in the attack. With access to the company’s Signal submitter and other infrastructure, the attacker was able to push racist and offensive messages to Blockfolio users.
Blockfolio is a portfolio management application that allows no-fee trading of cryptocurrency and stocks. On February 9, 2021, the platform was hacked, causing it to send offensive and racist messages to its users. The Blockfolio hack did not target the company’s trading infrastructure. No trading functionality was impacted by the incident, user funds are still safe, and the company is even providing a $10 credit to current and new users (for one week).