Transak discloses data breach affecting nearly 100,000 users, Stormous ransomware gang claims responsibility
Quick Take: Transak, a Miami-based fiat-to-crypto payment gateway used by major blockchain platforms, disclosed on Sunday it suffered a data breach affecting 1.14% of its users. Stormous ransomware gang, which claims responsibility for hacking web3 identity solution Fractal ID, also says it is behind the Transak exploit.
Transak, a Miami-based fiat-to-crypto payment gateway used by Metamask, Trust Wallet, Coinbase, Ledger, among other blockchain platforms, disclosed on Monday it suffered a data breach affecting 1.14% of its users.
“We have recently identified that an attacker gained unauthorized access to one of our employee’s laptop through a sophisticated phishing attack. Using the compromised credentials, the attacker was able to log in to the system of a third-party KYC vendor that we use for document scanning and verification services,” the company explained in a blog post.
The attacker reportedly gained access to sensitive personal data, including names and other personally identifiable information (PII). However, Transak, which operates a non-custodial on-ramp, “can confirm” that no assets or “financially sensitive” data like social security numbers or credit card details was compromised.
Transak, which claims to have over 5 million users, told The Block that 92,554 users were affected. "We are reaching out to all of these users to provide clarity," CEO Sami Start said in an email. The company is also working with law enforcement. "We have informed relevant data protection authorities, including the Information Commissioner’s Office (ICO) in the UK and other regulators across the EU and US, with analysis for other countries in progress."
The notorious Stormous ransomware gang has claimed responsibility for the hack, posting some of the stolen records on its site. The ring also recently disclosed it was behind the breach of Fractal ID, a decentralized identity system that provides identity verification and provisioning for Web3 projects, in July.
Stormous claims to have stolen 300 gigabytes of data from Transak, including sensitive documents such as IDs, addresses, financial statements and selfies used during the know-your-customer onboarding process.
“Currently, there is no indication of data misuse. However, we advise affected users to remain vigilant and monitor for suspicious activity. We will reach out to affected users with advice and resources to protect themselves from potential misuse of information, including identity monitoring services,” Transak said.
Last week, Stormous claimed responsibility for another seeming exploit of Fractal ID, claiming to have obtained 12 gigabytes of the organization's data, including personal photos, bank statements, addresses and ETH/BTC addresses.
In response to onchain sleuth ZachXBT, the first to notice the association between the Fractal and Transak exploits, Fractal co-founder Julian Leitloff said, “we've been contacted last week by some party recycling the material from August as evidence of a breach,” suggesting the stolen data is not new.
“We've nonetheless scoured our systems for evidence of something amiss and haven't seen anything off,” Leitloff said, adding it’s been “business as usual” since the July incident.
Both firms have hired external parties to look into the data breaches.
“Most people do not have a choice as various centralized platforms are partnered with Fractal ID and require KYC to use them,” ZachXBT said.
Editor's note (Oct. 21, 2024): Updates headline after Transak responded to a query from The Block.