Transak recent security breach affects over 1 percent of total users
In a blog post published on Monday, Transak, a cryptocurrency on-ramp utilized by several popular blockchain companies such as Trust Wallet, Coinbase, Metamask, and Ledger, among others, revealed that it had experienced a data breach.
Transak claims that the information that was leaked was restricted to "names" and "basic identity information." A ransomware group that took credit for the attack, however, asserts that it also acquired more private user information.
Since Transak is a fully non-custodial platform, user funds—whether in the form of fiat or cryptocurrency—are never kept on our end and are therefore always safe and unaffected by such attacks. Users always maintain complete control over their assets, guaranteeing that no money is ever in danger.
Response of Transak to recent security breach
The security and privacy of our users are our top priorities at Transak. We just discovered a security breach that affected 1.14% of our users. As soon as the breach was noticed, the company launched a thorough response to stop it, safeguard its systems, and preserve user data. The post added that no vital or financially sensitive data was compromised.
How the breach happened?
The company said it discovered that a sophisticated phishing attack was used by an attacker to obtain unauthorized access to one of its employees' laptops. The attacker gained access to the system of a third-party KYC vendor that we work with for document scanning and verification services by using the compromised credentials. Consequently, the attacker was able to access particular user data that was kept on the vendor's dashboard.
The name and basic identity information for affected users was accessible to the attacker after they successfully logged into this KYC vendor's dashboard. Transak said following its comprehensive checks, no financial data, including social security numbers, email addresses, phone numbers, passwords, credit card information, or any other financial data, was compromised.
Immediate and comprehensive action to secure Transak system
Top forensic specialists and one of the leading cybersecurity companies in the industry have been brought in to carry out a thorough investigation. Due to their experience, Transak claimed to have been able to quickly assess the situation, identify the points of compromise, and immediately prevent illegal access from continuing.
In addition, the company will be reaching out to 1.14% of the total affected users and partners to share transparency on how they were affected. Relevant data protection authorities, such as the UK's Information Commissioner's Office (ICO) and other regulators in the US and EU, have been notified, and reviews for other countries are currently underway, the post added.
About the notorious Stormous ransomware gang
The Notorious Stormous ransomware group has posted some of the stolen records on its website and claimed responsibility for the hack. The ring recently revealed that it was responsible for the July breach of Fractal ID, a decentralized identity system that offers Web3 project provisioning and identity verification.
300 gigabytes of data, including private documents like IDs, addresses, financial statements, and selfies taken during the know-your-customer onboarding process, are allegedly stolen from Transak by Stormous.
Stormous took credit for yet another apparent Fractal ID exploit last week, claiming to have acquired 12 gigabytes of the company's data, including addresses, bank statements, ETH/BTC addresses, and personal photos.
According to the ransomware group, only a portion of the stolen data has been made public. The group threatened to "leak the remaining data or sell it to the highest bidder" if Transak did not pay the ransom.
Disclaimer
This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.