As a seasoned crypto investor with over a decade of experience in this wild and dynamic digital frontier, I find myself constantly navigating the delicate balance between enthusiasm and caution. The recent news about Transak’s data breach is a stark reminder that the world of cryptocurrencies is not immune to the threats that plague traditional finance.
As a researcher reporting on the matter, I’m sharing that, following a data breach at Transak, my findings indicate they temporarily halted their fiat-to-crypto payment service through Trust Wallet for security reasons, allowing them to thoroughly investigate and address the issue.
Based on the announcement from Transak, it appears that hackers managed to gain access illegally into a third-party employee’s laptop. This unauthorized entry was facilitated by a highly advanced phishing technique targeted at one of Transak’s KYC suppliers. As a result, information such as names from more than 92,554 users was obtained by the criminals.
Due to the recent security incident with @Transak, we’ve taken precaution and temporarily removed their onramp service from Trust Wallet for your protection. Rest assured, user’s funds remain safe as no sensitive wallet information is exposed to any of our onramp providers. Stay…
— Trust Wallet (@TrustWallet) October 21, 2024
Over 5 million individuals utilize Transak’s platform, and fewer than 2% of these users experienced an issue, as stated in their blog post dated October 21st. The company has collaborated with law enforcement for the investigation and announced intentions to reach out to each user who was affected.
Many digital wallet services such as Trust Wallet, Metamask, Ledger, and Coinbase utilize the Transak service for converting traditional fiat money like US dollars into cryptocurrencies such as Bitcoin (BTC) or Ethereum (ETH). In simpler terms, they make use of Transak’s payment pathway to transfer value from conventional currencies to digital assets.
Additional cryptocurrency wallet providers might temporarily halt their services until the issue is resolved. However, it’s important to note that the stolen Know Your Customer (KYC) data has not been used for any malicious purposes yet. A prominent cybersecurity company underscored this point.
At present, it seems that the data hasn’t been exploited, but we urge those impacted to stay alert and watch for unusual behavior. We plan to contact affected individuals, providing them with guidance and tools to safeguard their information from potential misuse. Additionally, we may offer identity monitoring services as a resource.
Transak blog post
During their investigation, the startup discovered that the cyber attack was carried out by a notorious group known as Stormous. It seems they managed to swipe more than 300 gigabytes of user data and published stolen personal information on their site without authorization. Moreover, this ransomware organization boasted about an earlier hack they performed in July – that of web3 identity protocol Fractal ID.
Read More
Sorry. No data so far.
2024-10-21 23:02