Crypto Investment Fund Suffers Hack Exposing Data of 266,000 Users: Report
The personal data of about 266,000 people registered with the fund may have been exposed.
In the latest privacy breach to hit the cryptocurrency space, Malta-based Trident Crypto Fund has suffered a major data leak, Russian newspaper Izvestia reports on Thursday.
Ashot Oganesyan, chief technology officer of cybersecurity firm DeviceLock, told the publication the personal data of about 266,000 people registered with the fund was posted on a number of file-sharing websites following the breach.
The stolen database, including email addresses, cellphone numbers, encrypted passwords and IP addresses, was posted online around Feb. 20, along with the description of the website vulnerability that made the breach possible, Oganesyan said. On March 3, the unknown hackers decrypted and published a dataset of 120,000 passwords, he added.
Izvestia reached out to one of the individuals on the database who confirmed a connection to Trident Crypto Fund, though he'd only registered for a seminar hosted by the firm and didn’t invest.
The fund does not list its team members on the website and has no presence in LinkedIn. It’s unclear where the fund is registered or physically located. According to Crypto Fund Research, the fund is based in Malta. It offers clients investment in a “top 10 crypto” index calculated by the fund itself.
There have been no official announcements of the data breach on the fund’s website or in its Telegram group as of Thursday morning European time – when the news was first published.
Trident has not yet responded CoinDesk’s requests for comment via email, Telegram and Facebook.
STORY CONTINUES BELOW
Last week, decentralized derivatives exchange Digitex also suffered a leak of user data, though it said probably only email addresses had been lost in a theft attributed to an ex-employee.
Binance, the largest crypto exchange by trading volume, also saw verification details of possibly 60,000 users allegedly made public last summer. The firm said the know-your-customer data did not match its own, however, and suggested it was not the source of the breach.