Trust Wallet halts Transak onramp after data breach

Trust Wallet has temporarily suspended Transak’s fiat-to-crypto payment service after the Miami-based firm experienced a data breach.

According to Transak’s official statement, hackers obtained compromised credentials through “unauthorized access” to a third-party employee’s laptop. A sophisticated phishing tactic used against a Transak KYC vendor allowed criminals to obtain personal data such as names of more than 92,554 users.

Due to the recent security incident @TransakFor your safety, we have taken precautions and temporarily removed onramp services from Trust Wallet. Rest assured, the user’s funds remain safe as sensitive wallet information is not disclosed to any of our onramp providers. Stay… https://t.co/xRB1ZB1Dtt

— Trust Wallet (@TrustWallet) 21 October 2024

More than 5 million people use Transak’s service, and less than 2% of its users are affected, according to the company’s Oct. 21 blog post. The firm said it had contacted law enforcement to assist with the investigation and announced plans to contact anyone affected. users.

Many digital asset storage providers, including Trust Wallet, Metamask, Ledge, and Coinbase, use Transak’s fiat-to-crypto or onramp payment corridor to transfer value from currencies such as the US dollar to Bitcoin (BTC) or Ethereum (ETH).

More crypto wallet companies may pause support until the situation is corrected. Still, the firm emphasized that the stolen KYC materials were not revealed as part of nefarious activities. A leading cyber security company

There is currently no indication that data has been misused. However, we advise affected users to remain vigilant and monitor for suspicious activity. We will reach out to affected users with advice and resources on protecting themselves from potential misuse of information and provide resources such as identity monitoring services.

Transak blog post

While the startup investigated the incident, ransomware syndicate Stormous claimed responsibility for the breach. Stormous apparently stole more than 300 gigabytes of user data and published illegally obtained personal information on its website. The ransomware gang also hacked the web3 identity protocol Fractal ID in July.

Leave a Reply

Your email address will not be published. Required fields are marked *