Robo-advisor users targeted by official push notifications promising 300% returns on Bitcoin and Ether.
Users of the $45 billion robo-advisor Betterment received a fraudulent push notification Friday night urging them to send crypto to unknown wallets. The unauthorized alert, which appeared directly in the company’s official app feed, promised to “triple” deposits of Bitcoin and Ethereum in a limited-time promotion.
Betterment confirmed the breach shortly after, attributing the incident to a compromised third-party marketing vendor rather than a direct exploit of its core infrastructure.
The Attack Vector
The scam followed a classic “doubler” script but leveraged high-trust delivery channels. The message claimed Betterment was celebrating its “best-performing year” and instructed users to send up to $10,000 in BTC or ETH to receive a 3x return within hours. With Bitcoin trading near $90,500 and Ether hovering around $3,080, the request targeted significant capital.
Unlike standard email phishing, this attack hijacked Betterment’s push notification stream, a vector that bypasses typical user skepticism. Reddit users reported the notification linked to a now-defunct external site designed to harvest funds.
“Earlier this evening you may have received a message referencing a crypto-related Betterment promotion. This was an unauthorized message sent via a third-party system we use for marketing and other customer communications.”
This incident mirrors the January 2024 MailerLite compromise, where hackers hijacked official email accounts of CoinTelegraph and WalletConnect to distribute similar drainer links. Supply chain attacks on marketing vendors continue to plague the industry, allowing attackers to weaponize the trust established between platforms and their users.
Market Context
Betterment, primarily known for automated ETF investing, offers crypto exposure through a partnership with Gemini. While the robo-advisor’s internal ledgers remain secure, the breach highlights the fragility of peripheral communications infrastructure in fintech. No user funds held on the platform were reported stolen, but the success rate of the external transfers remains unknown.