Nansen, a prominent on-chain analytics platform, has issued a security warning to its users following a security breach originating from a third-party vendor.
The security compromise allowed hackers to steal password hashes of Nansen users, prompting an immediate investigation.
Nansen’s Users’ Password Hashes Compromised in Attack
On Sept. 20, Nansen was alerted to a breach in the security defenses of one of its trusted third-party vendors. This breach granted unauthorized access to an account responsible for provisioning customer access to the Nansen platform.
According to a statement from the company, the third-party vendor involved is a reputable entity, serving many Fortune 500 companies and other enterprises in the crypto industry. Nansen also advised the vendor to disclose the breach to inform other potential victims publicly.
?? Important update from us at Nansen. Please take a moment to read this. pic.twitter.com/syKE0sNnC6
— Nansen ?? (@nansen_ai) September 22, 2023
Preliminary findings from the investigations conducted over the past 48 hours reveal that approximately 6.8% of Nansen’s user base has been affected by the breach. These users had their email addresses exposed, with some of them having their password hashes revealed as well. Furthermore, some of them had their blockchain addresses compromised.
Nansen Takes Action Following Security Breach
Following the incident, the affected users were sent an email by support informing them about the extent of the exposure while also advising them to reset their passwords.
Users were urged to change their passwords as a precautionary measure due to the potential risk of unauthorized access from the exposed email addresses and password hashes.
Additionally, the company assured that users’ funds in their wallets remained secure, as Nansen does not request private keys. However, clients were advised to stay vigilant against phishing attempts and to verify the authenticity of any messages claiming to be from Nansen.
In the face of this security challenge, Nansen’s CEO, Alex Svanevik, emphasized his firm’s commitment to transparency and user communication, stating, “We understand the concerns of users impacted by this. Ensuring the security of customer data is extremely important to us. We are working closely with the vendor, our external legal advisors, and cybersecurity experts to conduct a full investigation.”
