The scam messages circulated via a third‑party system and were described as unauthorized by Betterment on social media and in reports.

Targeted customers were contacted and advised to disregard the fraudulent message.

Betterment confirmed a data breach after hackers used a third-party marketing platform to send fraudulent crypto-themed emails to a subset of customers, including a message promising to triple investments by directing $10,000 to a wallet controlled by the attacker.

The company urged vigilance against social engineering and advised customers never to share passwords or sensitive information via email, phone, or unexpected messages.

Betterment did not disclose the exact number of affected customers or the specific third-party platform, attributing the incident to identity impersonation rather than a direct breach of its own systems.

An update on the incident was posted on Betterment’s site, though the page uses a hidden noindex tag to limit visibility of the information.

Betterment said it detected the attack on the day it occurred, revoked unauthorized access, and launched a comprehensive, ongoing investigation with help from a cybersecurity firm.

Investigators found that personal data including names, email and postal addresses, phone numbers, and dates of birth were accessed for some customers, while accounts and credentials remained secure.

This incident fits a broader pattern of crypto-reward scams distributed through compromised marketing channels observed with other firms around late December.

While the attackers ran targeted phishing campaigns with crypto-themed messages, Betterment’s core technical infrastructure and customer accounts were not breached.

Betterment reiterates that no customer accounts or login credentials were accessed and no passwords were compromised.

On January 9, attackers gained access to the compromised marketing platform and sent messages using a Betterment subdomain, falsely offering to triple deposits.