Leadingcryptotransactionplatform,Transak,hasconfirmedarecentsecurityattackthataffected1.14%ofitsuserbasei.e.,92,554users,howevernofinancialdatahasbeencompromised,reassuredthefirm.Thesecuritybreach,discoveredfollowingasophisticatedphishingattack,involvedunauthorizedaccesstoathird-partyKYCvendor’ssystemthroughcompromisedcredentialsfromaTransakemployee’slaptop.
Theattackergainedaccesstospecificuserinformation,includingnames,datesofbirth,IDdocuments,andselfies.However,thecryptoplatformhasassuredusersthatnofinanciallysensitiveinformation—suchaspasswords,creditcarddetails,SocialSecurityNumbers,orphonenumbers—wascompromised.Theattackershavegainedaround300GBofdatainvolvingdatafromonemillionusersacrossTransak’sclientsincludingMetamask,Trustwallet,ZilSwapandothers.
Inanofficialstatement,Transaksaid,“Transakoperatesasafullynon-custodialplatform,meaningthatuserfunds—whetherfiatorcryptocurrency—areneverheldbyusandthereforeremaincompletelysecureandunaffectedbyanysuchattack.”
TheproblemsandissuesassociatedwiththirdpartiesintheWeb3spacearenoteliminateduntilwefindanonprofitsolution.
Welldone,@TransakThanks@zachxbtforthecoverageinyourTelegramchannelpic.twitter.com/90dBJOOLS6
—Felix500(@FreedomToType)October21,2024
Transakinformedthatuponidentifyingthebreach,theteamimmediatelyinitiatedaninvestigationwithtopcybersecurityfirmsandforensicexperts,haltinganyfurtherunauthorizedaccess.Thecompanyisalsocontactingaffectedusersandpartners,whileworkingtoimproveemployeetrainingandsystemprotectionstopreventfutureattacks.AuthoritiesincludingtheUK’sInformationCommissioner’sOffice(ICO)havebeennotified,andthecompanyiscooperatingwithregulatorsacrosstheEUandUS.
Thehackershavealsoputoutamessagesayingthat:
Courtesy:X
Evenso,thereisnoindicationthatthedatahasbeenmisused,Transakhasadvisedaffecteduserstoremainvigilantandmonitorforsuspiciousactivity.
cryptonewsz.com