Let’s recall the most outrageous data leaks that recently occurred in the crypto industry
Personal data is an asset valued almost as high as fiat money and physical property. It is a key to identity theft that allows criminals to obtain credit, goods, services, or any other benefits without attached legal or financial responsibilities. What can be more enticing than stealing the data of those involved in the crypto exchange? While the industry itself is not well-regulated, and many transactions take place anonymously, it’s hard to identify and prosecute the thieves.
Although the crypto exchanges and related businesses take stronger precaution measures, data leaks still occur.
Ledger users must particularly beware of phishing attacks. Due to the infamous data breach in July 2020, personal details of about 1 million clients leaked from the crypto wallet company’s e-commerce database. Recently, home addresses and telephone numbers of 272,000 Ledger customers have been released online by hackers. Though it doesn’t directly affect their digital assets or hardware devices, Ledger customers must take all precautions and check the Ongoing phishing campaigns page to find out more about the already detected schemes targeting crypto owners.
Moreover, customers of the famous French software developer are afraid of physical attacks since their home addresses are known to the general public. They have received emails with death threats and robbery threats. Criminals even demand a ransom in exchange for customers’ safety. Though Ledger CEO Pascal Gauthier believes the threats are nothing more than an “online scam”, he has advised wallet holders not to store their private keys at home.
Some Ledger users reported losing their digital currency holdings in the wake of this hack. Yet Pascal Gauthier stated Ledger has no intention of compensating affected customers taking into account the massive scale of the data leak.
Crypto exchange Digitex Futures became another data leak source in February 2020. However, the company didn’t fall victim to any hacking attacks. Reportedly, a former employee holding a grudge against his employer is to blame. Anyway, the personal data of a few Digitex users, including passport photos and driving licenses, started appearing on a Telegram channel. The self-proclaimed “Digileaker” claims to have unrestricted access to all the KYC information of 8000+ customers that have used the Digitex Treasury from its inception date until today.
These details include document copies, addresses, phone numbers, and other information like IP addresses. Hopefully, this claim is unsubstantiated. At least, one source familiar with the matter told Cointelegraph that the data of 8,000 customers “has not been breached”, believing the perpetrator is bluffing.
The exchange itself will not comment on the scale of the incident until more details are revealed. The company claims the investigation is still ongoing, despite it’s been a year and it hasn’t given any updates on it. Nevertheless, Digitex decided to fully remove the KYC check from the platform in response to the incident.
OTC bitcoin marketplace discovered a breach of its customers’ data on February 7. Hackers have stolen email addresses, names, trade counts, total traded amounts, and passwords in the hashed form. Withdrawal requests were disabled for a few days giving the exchange some time for investigation. Meanwhile, users were advised to change their passwords. Suspicious withdrawal requests were stopped in time to prevent any bitcoin losses. In an attempt to enhance security measures, KeepChange has activated “Login Guard.” After each login, a user will receive an email with a link, which should be opened to access the account.
India-based cryptocurrency exchange and wallet had data of its 325,000 users stolen by hackers. Information that appeared on the dark web includes personal data, encrypted passwords, user wallet details, order details, bank details, PAN numbers, passport numbers, and deposit histories. The media claims that the theft was performed by the hacker group called ShinyHunters. This group had already exposed data of over 129 million customers from dozens of databases. BuyUcoin is still investigating the issue and has made no explanatory comments so far.
Cryptocurrency exchange Poloniex, owned by Circle Internet Financial, sounded the alarm about the alleged data leak in late December 2019. The company forced a password reset on those users whose credentials were on the list published on Twitter (about 1% of their customer base). Thankfully, a thorough investigation concluded that data in that list were all previously breached usernames and passwords from other sites. Nevertheless, since many people use the same passwords for different websites, users were still advised to change their passwords and use 2FA.