In a startling security failure, the automated investing platform Betterment accidentally pushed a phishing scam to its users, urging them to transfer $10,000 to crypto wallets with the false promise of tripling their returns. The sketchy notification, which celebrated a “best-performing year,” appeared in-app and via email on Friday, alarming customers who suspected their accounts were compromised.
Betterment quickly responded on X (formerly Twitter), clarifying that the message was “unauthorized” and sent via a compromised “third-party system.” While the company asserts the issue originated externally, it highlights the systemic risks associated with third-party integrations in fintech infrastructure. Users are reminded that legitimate financial institutions will never request direct crypto transfers to arbitrary wallet addresses. This incident serves as a critical reminder to scrutinize notifications, even from trusted sources.
Leave a Reply