- Transak confirms over 57,000 users’ data compromised through phishing attack on an employee’s laptop.
- The Stormous ransomware group claims responsibility, with 300GB of personal KYC data exfiltrated.
- Transak assures users that no financial assets were compromised despite data leakage.
Transak, a fiat-to-crypto payment platform, has reported a significant data breach impacting over 57,000 users. The breach, caused by a phishing attack on an employee’s laptop, resulted in the theft of personal identifiable information (PII), including names and addresses.
The attackers accessed a third-party KYC provider that Transak uses for document verification. However, the company has assured its users that no financial information or funds were compromised.
The Stormous ransomware group has taken credit for the attack, stating they stole 300GB of data. This stolen information reportedly includes IDs, financial statements, and selfies collected during the KYC process. Some leaked data has already appeared online, raising concerns about privacy and the security of KYC procedures across the crypto industry.
Transak, integrated into popular apps such as MetaMask and Coinbase, stated that the breach affected around 1.14% of its user base. Although no social security numbers or credit card details were compromised, the incident has raised questions about the safety of KYC measures within the cryptocurrency sector.
The company has dismissed the employee involved and is cooperating with law enforcement and cybersecurity experts to investigate the attack.
Transak has recommended that all affected users monitor for any potential misuse of their personal data and has engaged third-party experts to provide support. They emphasized that no user funds are at risk as their system operates on a non-custodial model.
Despite the seriousness of the breach, Transak has not entered into negotiations with the Stormous ransomware group, which has threatened to release more stolen data unless a ransom is paid. This breach follows other recent attacks in the crypto market, including a $4.5 million hack on Tapioca DAO.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
