wordpress blog stats
Connect with us

Hi, what are you looking for?

Massive data leak from crypto-exchange BuyUCoin; company refutes claims


Large troves of personal and sensitive data belonging to investors on crypto-currency exchange BuyUCoin has been leaked on the dark web. The data leak was uploaded on Wednesday night by the notorious hacking group ShinyHunters and pertains to a backup of the crypto-exchanges database in September 2020. However, in response to queries sent by MediaNama, BuyUCoin refuted the allegations stating that only a limited amount of data was compromised and that it was immediately recovered and secured by the company’s automated security systems.

Cyber-security researcher Rajshekhar Rajaharia told MediaNama that the data leak contains sensitive information like users’ name, email address, mobile numbers, password, crypto-wallet details, order details and deposit history. Further, screenshots of the leak reveal that bank account details including the bank name, account number, IFSC code and type of account has been exposed in the data dump, in addition to Know-Your-Customer (KYC) information collected by BuyUCoin.

“ShinyHunters was responsible for other data dumps belonging to Indian companies like Juspay and BigBasket. While this group usually puts up the data on the dark web for sale, this time they have uploaded the files for free. Even my account details were leaked,” Rajaharia said. “The data contained in a MongoDB database was backed up by the group in June, July and September last year,” he said. Rajaharia added that a quick look of the data dump, around 6GB large, shows that 3.25 lakh users’ details may have been leaked, although there could be repetitions in the file.

According to a source close to the development, BuyUCoin has around 2.9 lakh users of which 95,000 have completed the full-KYC requirements and around 40,000 actively trade on the platform. This person spoke on the condition of anonymity.

“In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not even a single customer was affected during the incident,” BuyUCoin said.

The New-Delhi based crypto-exchange was founded by 2016 by Atulya Bhatt, Devesh Agarwal and Shivam Thakral. Last year, it expanded globally after it received an operating license in Estonia and has partnered with payments wallet MobiKwik allowing users to buy crypto-currencies through their credit and debit cards, MobiKwik wallet, and net banking. According to CoinGecko, the exchange processes around $3 million worth of trades on a daily basis as of date.

“We would like to assure our customers that all the transactions on our platform take place in a highly encrypted environment. Our technical team constantly conducts routine security checks to ensure that our customer data is completely secure. We are aware of the high level security threats which exists in today’s world and we continuously upgrade our software and systems to neutralize such malicious and unlawful cyberattacks,” BuyUCoin said.

BuyUCoin upgrades security standards

In an updated statement on Friday, BuyUCoin said that it is “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities” that foreign entities undertook last year. The company has upgraded its security standards and has enabled a three-factor-authentication system for users’ trading accounts.

The company says that users should have a strong password and use OTPs for account verification, they should use Google’s 2FA authentication system and enable a six-digital trading pin for transaction verification. Further, every transaction on the crypto-exchange will now require an OTP verification sent to the users’ email address, it said.

“All our user’s portfolio assets are safe and sound within a secure environment. 95% of user’s funds are kept in cold storage, inaccessible to any server breach. Based on the internal investigation, we will be keeping you updated with the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security,” the company said.

Also read

(Updated January 22, 2021 3:05 pm. Updated with statement from BuyUCoin on upgrades to its security standards. Originally published January 22, 2021 at 11:44 am)

You May Also Like


Despite panic and speculation, people are still buying Bitcoins and other crypto-currencies a month after the government announced it would ban crypto-currencies in the...


Unicas, the global cryptocurrency financial institution, opened its third physical bank branch in New Delhi on Wednesday. Through the bank branch Unicas will offer...


The crypto-currency industry has finalised its draft Code of Conduct for blockchain and crypto-firms in India. The code mandates all players to maintain transaction...


India is the 9th largest market for darknet-based illicit cryptocurrency activity with over $42 million worth of trades taking place on the dark web...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ