In a shocking lapse of security, the automated investing platform Betterment accidentally pushed a crypto scam to thousands of users. The notification, which appeared legitimate, urged recipients to send up to $10,000 to specific Bitcoin and Ethereum wallets with the false promise that the company would “triple your crypto.”
Alert users took to Reddit to expose the sketchy message, which claimed to celebrate a “best-performing year.” Betterment quickly responded on X (formerly Twitter), admitting the alert was an “unauthorized message” sent via a compromised third-party system. While some users received the message via email, the push notification format is particularly dangerous as it bypasses standard email spam filters, appearing directly on user lock screens. This incident serves as a stark reminder that even regulated fintech apps are vulnerable to supply chain attacks and social engineering.
Leave a Reply