Digital investment advisor Betterment confirmed a security incident over the weekend involving fraudulent push notifications sent to its clients. Users reported receiving messages promising “triple returns” on cryptocurrency investments. The company attributes the unauthorized messages to a compromised third-party tool rather than a direct breach of its internal systems.
The Scam Notification
Users began reporting suspicious activity on Saturday across social media platforms like Reddit. The notifications appeared directly within the Betterment mobile interface and via standard push alerts, lending the scam a veneer of legitimacy.
The message announced a fake “Triple Crypto App” launch. It directed users to a malicious external website designed to harvest credentials or funds.
Key characteristics of the fraudulent message included:
- Promises of 300% returns on crypto assets.
- Links directing users to a phishing domain distinct from Betterment’s official site.
- Urgent language designed to prompt immediate user action.
Betterment’s Response and Mitigation
Betterment quickly acknowledged the issue via social media channels and direct communication. The company stated that a bad actor gained unauthorized access to a “custom notification feature” managed by an external vendor.
The firm took immediate steps to mitigate the threat. Engineers disabled the compromised notification tool to prevent further transmission of the phishing links.
Crucially, Betterment assured customers that their core systems remain intact. The company stated that user account data, invested funds, and personal identifiable information (PII) were not accessed or compromised during the event.
Third-Party Risk Exposure
This incident highlights the persistent threat of supply chain vulnerabilities in the financial technology sector. Attackers increasingly target third-party integrations—such as marketing tools or customer support platforms—to bypass the hardened defenses of the primary target.
By compromising a notification tool, attackers successfully leveraged Betterment’s trusted reputation. A push notification from a verified app is statistically more likely to generate clicks than a standard phishing email, making this vector particularly dangerous.
Recommended Actions for Users
While Betterment reports that internal systems are secure, information security professionals recommend users exercise caution.
Do Not Interact: Do not click links regarding “Triple Crypto” or similar high-yield promotions.
Verify Domains: Ensure you are accessing betterment.com directly rather than through message links.
Rotate Credentials: As a precaution, update passwords and verify that Two-Factor Authentication (2FA) is enabled on all financial accounts.
Betterment continues to investigate the scope of the third-party compromise. Users who may have clicked the link or provided information to the malicious site should contact Betterment support immediately.
