Maltese crypto investment fund hacked, data for 260K users exposed

Getting your Trinity Audio player ready...

An unknown group of hackers breached Trident Crypto Fund, stole the data for over 250,000 users and leaked it online. According to a recent report, the hackers were able to access email addresses, cellphone numbers, passwords and more. The hack comes hot on the heels of yet another data breach at Digitex Futures Exchange.

The hackers managed to access the persona data for 266,000 users, Russian outlet Izvestia reported. Speaking to the outlet, Ashot Oganesyan, the technical director at cybersecurity firm DeviceLock, revealed that the hackers posted the data on a number of file-sharing websites. They exploited a vulnerability on the fund’s website, which they openly claimed as they leaked the data.

The hackers managed to access email addresses, phone numbers, passwords in encrypted form, countries of residence and IP addresses. Two weeks after they leaked the data, they then decrypted the passwords for 120,000 users. Armed with the usernames and the passwords, the hackers can easily access their victims’ accounts, Ashot stated. And while some crypto accounts require two-factor authentication, hackers have been known to use social engineering techniques to overcome such hindrances.

Of the 266,000 users whose information was leaked, close to 10,000 were Russian, Ashot told the outlet, making this the largest leak about crypto investors in Russia. The Russian authorities are not taking the matter lightly and already, the Roskomnadzor is seeking legal redress against the firm. The report claims that the agency, which is in charge of IT and media in Russia, will file a lawsuit against the company for dissemination of personal data.

Izvestia reached out to one of the victims using the leaked data who confirmed his association with the fund. He, however, wasn’t an investor in the fund. Rather, he had registered with the firm to participate in a training seminar. He was outraged at the reckless nature the fund had handled his data.

Trident is yet to respond to the data breach or to issue any statement regarding the same. The firm keeps a very low profile, with little online presence. Even its physical offices are unknown, with Crypto Fund Research placing them in Malta. It allows its clients to invest in the top 10 cryptos, claiming to have raked in 1,400% in returns in 2017 when BTC returns stood at 800%.

Just recently, Digitex exchange suffered a data leak as well, but unlike with Trident, it came from within the firm. A disgruntled ex-employee by the moniker ‘Digileaker’ claimed to have stolen personal data of 8,000 users and threatened to leak it unless his demands were met.