Malta Today and Izvestia reported a major leak of users’ private information. Malta’s Trident Cypto Fund investment database was published online by unknown attackers.
Leakage of private information of cryptocurrency holders
According to the technical director of the cyber security firm, DeviceLock, Ashot Oganesyan, the data of approximately 266,000 registered people were posted on numerous file sharing sites. According to the report:
“… This is the largest data leak affecting cryptocurrency depositors in the Russian Federation. The database contains emails and passwords of customers, with which the attackers can connect to accounts and withdraw the money invested in electronic wallets ”.
The stolen database includes e-mail addresses, cell phone numbers, encrypted passwords and IP addresses. Hackers also posted a description of the vulnerability of the site that made it possible to access information.
The information was decrypted on March 3
The data was posted online on February 20, and on March 3, hackers were able to decrypt and publish a list of 120,000 passwords. One of the victims confirmed a connection with Trident Crypto Fund. However, the user did not invest in the fund and only registered for a seminar.
According to the site, Trident Crypto Fund seems to offer its clients the opportunity to invest in their own crypto indices based on the top 10 cryptocurrencies. The published results show that the BTC-based index increased by 1400% in 2017, while Bitcoin grew by 800%.
Poor security leads to the leak of private information
The Izvestia report quotes Alexei Krichevsky, an expert at the Academy of Finance and Investment Management. He mentioned that Trident Crypto Fund is not among the most popular crypto funds. The fact that such a large amount of personal data has been obtained is an alarm signal for all companies that handle such information:
“… The infrastructure of both sites and the protection of crypto funds is simpler than, for example, the security measures implemented by banks and other financial companies. Therefore, additional data leaks can be expected in the future. ”
Unfortunately, incidents with user databases have become more frequent recently. Last week, the Digitex exchange suffered a similar incident, though the company claimed that only e-mail addresses were published.