NYDIG, BlockFi, Pantera, Circle All ‘Targeted’ in HubSpot Data Breach

HubSpot – which stores users’ names, email addresses and phone numbers – said that the breach was a “targeted incident focused on customers in the cryptocurrency industry”

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • Around 30 clients were impacted, but the full list has not been released yet from HubSpot, nor is the precise nature of the data known
  • Companies known to be affected said customer funds are still safe and secure

In an attempt to target large crypto stakeholders, hackers breached third-party marketing vendor HubSpot last week.

NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among those hit by the data breach, per outreach emails reviewed by Blockworks. Affected companies maintain customer funds are still safe and secure. User information was leaked to hackers, but passwords and other sensitive personal information were not. 

HubSpot — which stores users’ names, email addresses and phone numbers — said that the breach was a “targeted incident focused on customers in the cryptocurrency industry.”

One “bad actor,” according to a spokesperson from HubSpot, had “compromised a HubSpot employee account” to access the information. Around 30 clients were impacted, all of whom have been informed.

“We have terminated access for the compromised HubSpot employee account and removed the ability for other employees to take certain actions in customer accounts,” the Massachusetts-based company said in an email to Blockworks. “We take the privacy of our customers and their data incredibly seriously.”

Adam Healy, chief security officer at BlockFi, said that vendors like HubSpot who are “trusted with client information” are “subjected to a number of reviews.” 

“However, even in those cases, vendors can make mistakes and as evidenced by Friday’s events have incidents that impact us and our clients,” Healy said in a statement sent to Blockworks. 

Circle, the financial services firm that issued the dollar-linked stablecoin, said in a statement to Blockworks that financial transaction data was not “impacted by the security incident.” 

“We have communicated with the affected parties and will follow up with them on any material developments as we continue to monitor and investigate the incident,” a Circle spokesperson told Blockworks.

“Sensitive personal information, like Social Security numbers or government-issued identification, were not accessed as this information is not stored on HubSpot.”

Pantera Capital said that its HubSpot account had been compromised last month. The crypto VC firm sent out an email on March 19, assuring clients that their funds were still secure. 

Events like the HubSpot hack are “impossible to avoid” but pale in comparison to “traditional companies,” Greg Gopman, chief marketing and business development officer of Web3 infrastructure company Ankr, told Blockworks.

“There’s a good chance that a traditional company would have lost its customers’ funds in such a broad attack,” Gopman said. “But the blockchain is way more secure, and their treasuries weren’t even touched. Decentralized infrastructure protects data.”

The full extent of the HubSpot hack is still unclear, however, because the company hasn’t disclosed exactly how much data was leaked. The investigation is ongoing.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research

article-image

Firedancer begins delegating stake to Solana validators

article-image

A vote ending Monday could introduce a new layer of security for Ethereum’s largest liquid staking protocol

article-image

Framework’s Michael Anderson explains what tokens need in order to be successful

article-image

Conferences are pop-up innovation clusters—and filters for the riff-raff

article-image

Tariff front-running may have caused an artificial bounce in economic data earlier this year

article-image

Waka Flocka Flame-linked BaseDrop is raising some eyebrows