Trust Wallet has temporarily suspended Transak’s fiat-to-crypto payment service after the Miami-based firm experienced a data breach.
According to Transak’s official statement, hackers obtained compromised credentials through “unauthorized access” to a third-party employee’s laptop. A sophisticated phishing tactic used against a Transak KYC vendor allowed criminals to obtain personal data such as names of more than 92,554 users.
Due to the recent security incident @TransakFor your safety, we have taken precautions and temporarily removed onramp services from Trust Wallet. Rest assured, the user’s funds remain safe as sensitive wallet information is not disclosed to any of our onramp providers. Stay… https://t.co/xRB1ZB1Dtt
— Trust Wallet (@TrustWallet) 21 October 2024
More than 5 million people use Transak’s service, and less than 2% of its users are affected, according to the company’s Oct. 21 blog post. The firm said it had contacted law enforcement to assist with the investigation and announced plans to contact anyone affected. users.
Many digital asset storage providers, including Trust Wallet, Metamask, Ledge, and Coinbase, use Transak’s fiat-to-crypto or onramp payment corridor to transfer value from currencies such as the US dollar to Bitcoin (BTC) or Ethereum (ETH).
More crypto wallet companies may pause support until the situation is corrected. Still, the firm emphasized that the stolen KYC materials were not revealed as part of nefarious activities. A leading cyber security company
There is currently no indication that data has been misused. However, we advise affected users to remain vigilant and monitor for suspicious activity. We will reach out to affected users with advice and resources on protecting themselves from potential misuse of information and provide resources such as identity monitoring services.
Transak blog post
While the startup investigated the incident, ransomware syndicate Stormous claimed responsibility for the breach. Stormous apparently stole more than 300 gigabytes of user data and published illegally obtained personal information on its website. The ransomware gang also hacked the web3 identity protocol Fractal ID in July.
Bitcoin 
Ethereum 
Tether 
Solana 
BNB 
USDC 
XRP 
Dogecoin 
Lido Staked Ether 
TRON 
Cardano 
Toncoin 
Wrapped stETH 
Shiba Inu 
Wrapped Bitcoin 
Avalanche 
WETH 
Chainlink 
Bitcoin Cash 
Sui 
Polkadot 
LEO Token 
USDS 
Uniswap 
Litecoin 
Wrapped eETH 
Aptos 
NEAR Protocol 
Pepe 
Bittensor 
Internet Computer 
Artificial Superintelligence Alliance 
Dai 
Monero 
Ethereum Classic 
Kaspa 
Stellar 
Ethena USDe 
WhiteBIT Coin 
Aave 
POL (ex-MATIC) 
Stacks 
OKB 
First Digital USD 
Cronos 
dogwifhat 
Arbitrum 
Filecoin 
Mantle 
Celestia