Trust Wallet has temporarily halted Transak’s fiat-to-crypto payment service following a significant data breach at the Miami-based company.
As detailed in Transak’s official announcement, hackers gained access to sensitive credentials via unauthorized access to a third-party employee’s laptop. This sophisticated phishing attack targeted a Transak KYC vendor, resulting in the compromise of personal data from over 92,554 users.
In light of the security incident, Trust Wallet issued a precautionary measure, suspending Transak’s service. They reassured users that funds remain secure, as no sensitive wallet information has been compromised. Trust Wallet emphasized the importance of user protection during this challenging time.
Transak serves over 5 million users, with less than 2% affected by the breach, according to their blog post on October 21. The company is collaborating with law enforcement to investigate the incident and plans to notify all impacted users.
Various digital asset storage providers utilize Transak’s fiat-to-crypto payment services to facilitate transactions from conventional currencies to cryptocurrencies like Bitcoin (BTC) and Ethereum (ETH). It’s possible that additional crypto wallet companies may pause their support until the situation is fully resolved. However, Transak has confirmed that there is no evidence to suggest that the stolen KYC data has been used nefariously as of now.
Currently, there is no indication that the data has been misused. However, we advise affected users to remain vigilant and monitor for suspicious activity. We will be reaching out to affected users with advice and resources on protecting themselves from potential misuse of the information and offering resources such as identity monitoring services.
Transak blog post
As investigations continue, the ransomware group Stormous has claimed responsibility for this breach, reportedly stealing over 300 gigabytes of user data and unlawfully publishing personally identifiable information on their website. Stormous has also previously taken credit for hacking the web3 identity protocol Fractal ID.
