Case Study: BlockFi achieves scalable Zero Trust access, simplified security, and rapid DDoS/bot mitigation with Cloudflare

BlockFi simplifies its security stack while enabling scalable Zero Trust remote access to internal resources

BlockFi is a crypto-financial services platform offering interest accounts, crypto-backed loans, a rewards credit card and trading to retail and institutional clients, supporting over 450,000 funded customers and managing about $10 billion in assets (as of June 30, 2021). As the company scaled rapidly (roughly 20,000 new retail sign-ups per week), its security relied on a complex vendor stack and IP-based access controls that were hard to maintain across a global, remote workforce of ~1,000 employees — and during this period BlockFi was hit by a large DDoS and an attack on its sign-up API that threatened performance and growth.

Cloudflare stepped in to stop the attacks within six hours and then replaced BlockFi’s fragmented controls with a Zero Trust platform (ZTNA and SWG), Bot Management, and edge services. The deployment blocked about 10 million malicious bots on day one, eliminated time-consuming IP allow lists (freeing several engineers), enabled secure SSO access for remote employees, and added Cloudflare Workers and Pages to speed development. The result was a greatly simplified security stack, stronger defense-in-depth, improved resilience and scalability, and avoided significant revenue and reputational losses.

BlockFi

Adam Healy

Chief Security Officer