Best crypto insights delivered straight to your inbox.
- Transak, a crypto payments provider, was hacked by a ransomware group, affecting 1.14% of its users.
- The attacker accessed basic identity details through a phishing attack on an employee, but Transak says no financial data was compromised.
- The hacker group claims the breach is bigger than Transak admits, suggesting more personal information was stolen.
Crypto payment provider Transak has been hacked. A ransomware group has come forward, claiming responsibility for the breach.
On-chain investigator ZachXBT reported the breach, saying:
“Looks like the crypto payments provider Transak was recently breached by a ransomware group who claims responsibility.”
The company acknowledged the incident in a blog post, confirming that only a small portion of users (about 1.14%) were affected.
According to Transak, only names and basic identity information were compromised. But the hacker group disputes this, alleging that personal identifiable information (PII) of a larger user base was also taken.
Transak is integrated with popular platforms such as Metamask, Trust Wallet, Coinbase, and Ledger to provide fiat-to-crypto on/off-ramp services.
These integrations mean the effects of the breach could be far-reaching, potentially affecting users across many major crypto ecosystems.
Transak’s statement on the hack
In its official blog post, Transak says that upon discovering the security incident, they immediately acted to contain the attack and secure their systems. They claimed that no financially sensitive or critical information was accessed in the breach.
The data compromised was limited to names and basic identity details of 1.14% of their users, a number Transak says is a “small portion” of their total user base.
However, the ransomware group’s claim suggests otherwise. They allege that the breach impacted a larger set of users and included more sensitive PII data.
The gap between what the company says and the hacker’s claims has left users in a state of uncertainty. The blog post explains that the breach occurred due to a phishing attack on an employee.
Using stolen credentials, the attacker gained access to a third-party KYC vendor’s system, which Transak uses to scan and verify documents. The attacker was able to log into the vendor’s dashboard and extract user information from there.
Email addresses, passwords, phone numbers, Social Security Numbers, and credit card details remain secure, according to the company. They assured users that their platform operates as a fully non-custodial service.
This means that even though personal information was compromised, user funds (whether fiat or crypto) were never at risk, as the platform does not hold user funds.
It has also begun notifying its partners — like Metamask and Coinbase — about the breach. Transak has informed data protection authorities, including the UK’s Information Commissioner’s Office (ICO), as well as regulators across the EU and US.
The company claims it is still conducting reviews in other regions to ensure compliance with global data protection standards.
The smartest crypto minds already read our newsletter. Want in? Join them.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Jai Hamid
Jai Hamid has been covering crypto, stock markets, technology, the global economy, and the geopolitical events that affect markets for the past 6 years. She has worked with blockchain-focused publications including AMB Crypto, Coin Edition, and CryptoTale on market analyses, major companies, regulation, and macroeconomic trends. She has attended London School of Journalism and thrice shared crypto market insights on one of Africa’s top TV networks.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)