Blockchain firm sues JumpCloud over alleged North Korean hacking

20 views 12:48 pm 0 Comments April 2, 2024

LOUISVILLE — Ava Labs Inc., a New York-based cryptocurrency technology startup company that developed the Avalanche blockchain platform, has sued JumpCloud Inc., alleging that the Louisville company’s directory-as-a-service technology platform with identity-authentication capabilities “operated as a revolving door for malicious hackers.”

The lawsuit, filed last week in Boulder County District Court, claims that a 2023 hacking incident that JumpCloud blamed on North Korean state-sponsored actors, resulted in ongoing damages for Ava Labs that could total several million dollars. 

“To be clear, the infiltration did not occur because JumpCloud’s software failed to prevent a targeted attack on Ava Labs,” Ava’s complaint said. “Ironically, perversely, and in complete contravention of its purpose, JumpCloud’s platform was the very doorway through which the threat actors gained access to Ava Labs’ devices, systems, and private data. …It is as if a home security system, rather than protecting the home, remotely opened up a window through which intruders could enter.” 

SPONSORED CONTENT

WomenGive, a program of United Way of Larimer County, was started in Larimer County in 2006 as an opportunity for women in our community to come together to help other women.

JumpCloud, a representative of which declined to comment on the Ava lawsuit, said in a 2023 blog post that a “sophisticated nation-state sponsored threat actor … gained unauthorized access to our systems to target a small and specific set of our customers.” The blog post identified the hackers as operating from North Korea.

After the June 2023 hack, allegedly the result of a phishing attack on a JumpCloud employee, JumpCloud “compounded its many security errors and further jeopardized its customers, such as Ava Labs, by circling the wagons, keeping quiet, and shirking any decency and responsibility to aid customers’ containment and remediation efforts,” the lawsuit claimed. “Instead, JumpCloud undertook only those efforts that would not disclose JumpCloud’s security failures to its customers or provide useful and necessary information and assistance while customers such as Ava Labs scrambled to contain the damage and secure their systems and devices.”

Ava estimates that its direct cleap-up efforts after the hack cost at least $637,500. “Further, Ava Labs has suffered consequential damages (which are ongoing) including, but not limited to, the loss of goodwill and reputation and lost profits as a consequence of Ava Labs’ JumpCloud-enabled infiltration, in an amount to be determined at trial but no less than $2 million.” 

The lawsuit is Ava Labs Inc. vs. JumpCloud Inc., case number 2024CV30280, filed March 28, 2024 in Boulder County District Court.