Leadingcryptotransactionplatform,Transak,hasconfirmedarecentsecurityattackthataffected1.14%ofitsuserbasei.e.,92,554users,howevernofinancialdatahasbeencompromised,reassuredthefirm.Thesecuritybreach,discoveredfollowingasophisticatedphishingattack,involvedunauthorizedaccesstoathird-partyKYCvendor’ssystemthroughcompromisedcredentialsfromaTransakemployee’slaptop.

Theattackergainedaccesstospecificuserinformation,includingnames,datesofbirth,IDdocuments,andselfies.However,thecryptoplatformhasassuredusersthatnofinanciallysensitiveinformation—suchaspasswords,creditcarddetails,SocialSecurityNumbers,orphonenumbers—wascompromised.Theattackershavegainedaround300GBofdatainvolvingdatafromonemillionusersacrossTransak’sclientsincludingMetamask,Trustwallet,ZilSwapandothers.

Inanofficialstatement,Transaksaid,“Transakoperatesasafullynon-custodialplatform,meaningthatuserfunds—whetherfiatorcryptocurrency—areneverheldbyusandthereforeremaincompletelysecureandunaffectedbyanysuchattack.”

TheproblemsandissuesassociatedwiththirdpartiesintheWeb3spacearenoteliminateduntilwefindanonprofitsolution.
Welldone,@Transak

Thanks@zachxbtforthecoverageinyourTelegramchannelpic.twitter.com/90dBJOOLS6

—Felix500(@FreedomToType)October21,2024

Transakinformedthatuponidentifyingthebreach,theteamimmediatelyinitiatedaninvestigationwithtopcybersecurityfirmsandforensicexperts,haltinganyfurtherunauthorizedaccess.Thecompanyisalsocontactingaffectedusersandpartners,whileworkingtoimproveemployeetrainingandsystemprotectionstopreventfutureattacks.AuthoritiesincludingtheUK’sInformationCommissioner’sOffice(ICO)havebeennotified,andthecompanyiscooperatingwithregulatorsacrosstheEUandUS.

Thehackershavealsoputoutamessagesayingthat:

Courtesy:X

Evenso,thereisnoindicationthatthedatahasbeenmisused,Transakhasadvisedaffecteduserstoremainvigilantandmonitorforsuspiciousactivity.

cryptonewsz.com