Essential Guide: Betterment Confirms Data Breach After Wave Of Crypto Scam Emails

U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers.

The threat actor last week delivered fraudulent emails from Betterment infrastructure, luring recipients into a reward scam disguised as a company promotion that claimed to triple the amount of cryptocurrency sent to a specific address.

The company has more than one million customers, for whom it manages $65 billion in various assets. The platform is a mix between automated investment and financial advice services, and is considered one of the pioneers in the U.S. "robo-advisory" sector.

On January 9, an attacker gained access to a third-party software platform that Betterment uses for marketing activity and used it to distribute a crypto reward scam, just like in the case of Grubhub right before Christmas.

"Once they gained access, the unauthorized individual was able to send a fraudulent, crypto-related message that appeared to come from Betterment to a subset of our customers," explained the firm.

The company underlined that its technical infrastructure remained secure and was not impacted in any way; no customer accounts were accessed, and no account credentials were exposed.

However, the attacker still accessed certain customer information stored on the compromised system, which was viewable by the hijacked account, including:

Messages with the fake offer came from the email address "[email protected]" - a legitimate Betterment subdomain - and had the subject line "We'll triple your crypto! (Limited Time)."

"We're celebrating our best-performing year yet by tripling Bitcoin and Ethereum deposits for the next three hours," read the message received by some Betterment customers.

In some messages, the threat actor claimed that deposits as much as $750,000 were accepted by "January 9, 2025 [sic] 8:45 PM Eastern Standard Time."

Source: BleepingComputer