Trust Wallet temporarily suspended Transak’s fiat-to-crypto payment service after the Miami-based firm suffered a data breach.
According to Transak’s official statement, hackers gained compromised credentials through “unauthorized access” to a third-party employee’s laptop. The sophisticated phishing tactic used against a Transak KYC vendor allowed criminals to obtain personal data like names belonging to over 92,554 users.
Due to the recent security incident with @Transak, we’ve taken precaution and temporarily removed their onramp service from Trust Wallet for your protection. Rest assured, user’s funds remain safe as no sensitive wallet information is exposed to any of our onramp providers. Stay… https://t.co/xRB1ZB1Dtt
— Trust Wallet (@TrustWallet) October 21, 2024
More than 5 million people use Transak’s service, and less than 2% of its users were impacted, per the company’s blog post on Oct. 21. The firm said it has engaged law enforcement to help in the investigation and disclosed plans to contact all affected users.
Several digital asset storage providers like Trust Wallet, Metamask, Ledge, and Coinbase employ Transak’s fiat-to-crypto or onramp payment corridor to ferry value from currencies like U.S. dollars to Bitcoin (BTC) or Ethereum (ETH).
More crypto wallet companies may pause support till the situation is rectified. Still, the firm stressed that the stolen KYC materials have not emerged as part of nefarious activities. A leading cybersecurity firm
Currently, there is no indication that the data has been misused. However, we advise affected users to remain vigilant and monitor for suspicious activity. We will be reaching out to affected users with advice and resources on protecting themselves from potential misuse of the information and offering resources such as identity monitoring services.
Transak blog post
As the startup probed the incident, ransomware syndicate Stormous claimed responsibility for the breach. Stormous apparently stole over 300 gigabytes of user data and posted illegally obtained personally identifiable information on its website. The ransomware gang also took credit for hacking web3 identity protocol Fractal ID back in July.