This article was originally published here.
According to the Russian newspaper, Izvestia, the Malta-based Trident Crypto Fund has succumbed to a data breach this week.
On Thursday, the CTO of the cybersecurity firm DeviceLock, Ashot Oganesyan, said the data of 266,000 people registered with the fund was posted on file-sharing websites shortly after the breach took place.
IP and Email Addresses Have Been Stolen
Personal information stolen from the database included cell phone numbers, email and IP addresses along with encrypted passwords. The stolen information was posted online on February 20, along with a description of the vulnerability that made the breach possible.
On March 3, the hackers decrypted 120,000 passwords and published them. Izvestia managed to contact a victim of this data breach, who confirmed his registration to a Trident Crypto Fund’s seminar and said he didn’t make an investment.
The Fund Is Quite a Mystery
Meanwhile, the fund itself has raised suspicions all on its own. In particular, the fund has none of its members listed on its website, nor is it present on LinkedIn, not to mention that it doesn’t provide clear information about where it’s registered and located.
Further research into the Crypto Fund has yielded little, other than that it’s based in Malta and offers clients the opportunity to invest in an index of top 10 cryptos.
The news about the hack was first published on Thursday morning, European time, but no official announcement was made by the fund through any official channel. No one from the fund commented anything about the matter either.
Leaks of User Data Reported by Digitex and Binance
It was only last week that Digitex also reported a user data breach, saying that it was most likely only email addresses that had been stolen. As a result of the theft done by a former employee.
One of the better-known exchanges, Binance, also saw verification details of 60,000 users go public in the summer of 2019. Back then, Binance said the know-your-customer (KYC) data didn’t match what the company had on record, suggesting there was no breach whatsoever.