Payment gateway Transak data breach leaves 92,000 users exposed
Ransomware group Stormous claims responsibility
A major data breach affecting 92,000 individuals has raised urgent questions about cybersecurity in the digital services sector.
Recently, the prominent payment gateway Transak - used by well-known companies like Coinbase and Metamask - experienced a security compromise, exposing 1.14% of its user base.
The breach reportedly began when an employee's dedicated work device was compromised while being used outside the secure work environment.
According to Transak, the leak only involved users' names and basic identity documents, meaning no sensitive financial information was released.
The company's CEO, Sami Start, told Coindesk, "There's no bank statements, there's no social security numbers, there's no credit card information, there's not even any emails or passwords that were accessed, which limits the severity of this incident significantly."
TRANSAK DATA BREACH LINKED TO EMPLOYEE'S LAPTOP USE; RANSOMWARE DEMANDS LOOM
— BSCN (@BSCNews) October 21, 2024
- Transak, a crypto "onramp" for platforms like Binance and Metamask, reported a breach exposing names and basic identity info of 93K users.
- The breach was traced to an employee using their laptop… pic.twitter.com/wmvM2PaeWv
In light of the breach, the ransomware group Stormous has claimed responsibility.
However, according to CoinMarketCap, Transak appears unwilling to engage with the group’s demands. CEO Start expressed doubts about their responsibility and claims of possessing more sensitive data.
🚨Cyberattack Alert ‼️
— HackManac (@H4ckManac) October 21, 2024
🇺🇸USA - Transak
Stormous hacking group claims to have breached Transak, a developer integration for a fiat-to-crypto payment gateway.
Allegedly, 300 GB of sensitive personal documents, including government-issued IDs, proof of address, financial… pic.twitter.com/edy856IfQZ
Nevertheless, the hack has grave implications for the broader crypto ecosystem as Binance.US, Trust Wallet, Coinbase, and other top players use the payment gateway's services.
In direct response to this breach, Trust Wallet has temporarily removed this function from its app.
Due to the recent security incident with @Transak, we've taken precaution and temporarily removed their onramp service from Trust Wallet for your protection. Rest assured, user’s funds remain safe as no sensitive wallet information is exposed to any of our onramp providers. Stay… https://t.co/xRB1ZB1Dtt
— Trust Wallet (@TrustWallet) October 21, 2024
This incident serves as a stark reminder that even the most established firms must remain vigilant. As crypto adoption grows, the industry's players need to prioritize regular security audits, employee education, and stronger safeguards to protect users from an ever-evolving range of threats.
