Crypto on-ramp firm Transak recently halted its services after a phishing attack led to a data breach affecting more than 92,000 users.
In its October 21 post-attack report, Transak revealed that a malicious actor had accessed sensitive user data stored in a third-party KYC vendor’s system after a phishing attack on a Transak employee gave the attacker access to company credentials.
Transak is a fiat-to-crypto gateway, that allows users to purchase and sell digital assets using traditional currencies.
The company integrates directly with major crypto wallets and decentralised applications (DApps), partnering with platforms like Binance, MetaMask, and Coinbase to facilitate transactions.
It offers non-custodial on-ramp services, meaning users retain full control of their digital assets throughout the process.
According to the report, the attacker used the compromised credentials to log into a third-party KYC vendor’s dashboard that handles identity verification services for Transak.
This dashboard contained the sensitive user data that was exposed in the breach.
The breach exposed sensitive information, including names, dates of birth, passports, driver’s licenses, and selfies of 92,554 users, which according to Transak, accounts for just 1.14% of the company’s more than 5 million customers.
Transak has confirmed that no financially sensitive data has been compromised.
Email addresses, phone numbers, passwords, and other financial information such as credit card details were not exposed.
Post-incident measures
Further, it reassured users that it is taking steps to address the breach and has contacted all affected individuals.
The company is currently offering resources, such as identity monitoring services, to help users protect themselves from potential misuse of the compromised data.
The incident has been reported to data protection authorities in the United Kingdom, the European Union, and the United States, and has engaged law enforcement to assist with the investigation.
Transak also noted that the stolen data has not resurfaced elsewhere:
“Currently, there is no indication that the data has been misused. However, we advise affected users to remain vigilant and monitor for suspicious activity.”
Binance-backed cryptocurrency wallet Trust Wallet was among the first to suspend its fiat-to-crypto payment service with Transak as a precautionary measure following the breach.
As of press time, no other wallets or Transak partners have made similar announcements.
Ransomware group takes the blame
In the meantime, ransomware group Stormous has claimed responsibility for the attack.
The group alleged it stole over 300 gigabytes of user data and has posted some of the stolen personally identifiable information on its website.
Stormous is also linked to a previous attack on web3 identity protocol Fractal ID, which was hacked in July.
In that incident, the group targeted the protocol’s user data, compromising similar sensitive information.
Other notable data breaches in the crypto space include that of financial and risk advisory firm Kroll which was targeted in August 2023 and the attackers managed to steal the personal data of creditors from crypto firms like FTX, BlockFi, and Genesis.
Similarly, in 2022, crypto exchange Gemini reported that a third-party incident led to the exposure of 5.7 million user email addresses.
Meanwhile, phishing attacks have become a major threat to both crypto firms and individual users.
Over $750 million worth of funds were stolen via phishing attacks and private key leaks in Q3 2024.
The post Crypto firm Transak hit by data breach, ransomware group takes responsibility appeared first on Invezz
