Malicious hack exposes BuyUcoin crypto exchange sensitive data related to financial, banking, and KYC details of 325K users on the dark web. Indo-Asian News Service (IANS) took to Twitter to announce the data breach. Indian crypto exchange, BuyUcoin crypto exchange, with its headquarter based in Noida, which has a user base of 3,50,000 users and enabled $500 million worth of transactions, has fallen prey to massive data attacks.
Media reports suggest that sensitive data include email ids, contact details, usernames and passwords, wallet details, transaction details, banking related data, PAN numbers, and passport details, including deposit information. A business insider reportedly stated that hackers now have access to a 6GB file of MongoDB database that has crucial files related to the users’ account details.
According to media reports, Israel-based cybersecurity firm Kela Research and Strategy successfully tracked the data trails. It reported that it got access to BuyUcoin users’ data as well as the other stolen data of five different companies that were previously hacked. It is speculated that the menacing ShinyHunters group is behind this data breach, which has been active since last year.
The infamous hack of the Photograph platform Pixlr was reportedly carried out by the same hackers. Recently, many cryptocurrency players have succumbed to hack, giants like Binance too weren’t spared. Interestingly, the recent trend suggests that hackers have restored to demand ransom in exchange for not hacking the data. Unfortunately, BuyUcoin received no such demand leaving many users furious as they have not yet received any official statement from the exchange.
According to KELA’s intelligence analyst Victoria Kivilevich, the data now stands exposed to criminals who can use it for scams to access the admin privileges. On the other hand, BuyUcoin defended itself as it announced that the hack never took place and that user data is safe and secured. And further reportedly mentioned that it is still in the investigative stage and examining reports about the hackers. It further stressed that 95% of user data is now held in cold storage to prevent any security breach in the future.
Media reports state that many BuyUcoin’s users have taken to Twitter to express their concern over the security breach and worried if their data will be misused or worse if they are scammed. BuyUcoin was quick to replace the controversial statement made by its CEO Shivam Thakral and stated that it is carrying thorough research about the security breach of foreign entities operating since last year.