Transak confirms no funds at risk after breach impacts 1.14% of users.
Transak, a fiat-to-crypto payment gateway, has disclosed a data breach that impacted more than 57,000 users. The compromise, which happened through a phishing attack on an employee's laptop, led to the disclosure of personal user data.
The infamous Stormous ransomware group has taken credit for the crypto hack, which has already cast doubt on the security of the crypto industry's KYC measures.
Transak, which is integrated into popular apps including MetaMask, Trust Wallet, and Coinbase, admitted the breach in a blog post on Monday. The company said that the attackers used stolen credentials of an employee's laptop to gain access.
The attackers were then able to penetrate the system of a third-party KYC provider that Transak uses for the scanning and verification of documents.
Social Security numbers and credit card details were not at risk, but the system contained personally identifiable information (PII), including names and addresses. Transak told users that assets were not in danger because the on-ramp model was non-custodial. Nevertheless, the breach has impacted about 1.14% of the total number of users, which is more than 57,000 people.
The incident follows a recent crypto hack in which the decentralized autonomous organization Tapioca DAO lost $4.5 million as a result of a social engineering attack.
The Stormous ransomware group, which claimed responsibility for an attack on the Web3 identity provider Fractal ID in July, has also claimed responsibility for the current breach. In its statement, the group claimed to have exfiltrated 300GB of data, consisting of personal information such as IDs, financial statements, and selfies used during the know your customer (KYC) onboarding process.
Some of the stolen records have been posted on the Stormous site, and the group has vowed to leak more of the information unless Transak pays a ransom. Nevertheless, Transak has not entered into talks with the group in response to these threats.
"We don't know if they actually did it or they are just taking the credit for it," said the payment gateway's CEO Sami Start in an interview. He pointed out that some images of the KYC information had appeared online, though the scope of the leakage is still unknown.
Although there is no current evidence of data misuse, Transak has recommended that all affected users be cautious. The company has engaged third-party experts to help it determine the cause of the breach and has assured its users that it will contact them with information on how they can best protect themselves. This entails providing users with tools that can help identify fraudulent activity.
The company is also working with law enforcement and IT specialists to learn more about the attack and how to avoid similar incidents in the future. Start has sacked the employee whose laptop was used in the hack. Nevertheless, the company has stated that no funds were at risk in this case.