Transak, which is used by platforms like Metamask, Binance and Trust Wallet, says the leak was limited to “names” and “basic identity information.” A ransomware group says it has obtained more sensitive user data as well.
Transak, a crypto on-ramp used by a number of popular blockchain companies, has fallen victim to a data breach, the team disclosed in a blog post on Monday.
According to Transak, the leaked data was limited to “names” and “basic identity information.” However, a ransomware group that claimed responsibility for the attack claims to have obtained more sensitive user data as well.
“We recently discovered a security incident that impacted 1.14% of our user base,” Transak said in Monday’s blog post. “Importantly, no financially sensitive or critical information was compromised.”
A ransomware group that claimed responsibility for the breach says the breach included additional data from a larger subset of Transak’s customers.
“This breach has impacted all KYC [know your customer] DATA processed through Transak’s infrastructure,” the ransomware group claimed in a public Telegram group that it operates. “We have extracted more than 300GB of data, which includes sensitive personal documents such as government-issued IDs, proof of address, financial statements, and user selfies.”
Transak provides developers with tools to bridge users from fiat to crypto, such as by allowing them to purchase cryptocurrencies via credit card. According to its website, Transak has been integrated into major blockchain wallets like Metamask and Trust Wallet, among others. Crypto exchanges like Coinbase and Binance.US also use Transak’s services.
The ransomware group claims it has only released a subset of the stolen data. If Transak fails to pay a ransom, the group threatened to “leak the remaining data or sell it to the highest bidder.”