wordpress blog stats
Connect with us

Hi, what are you looking for?

Massive data leak from crypto-exchange BuyUCoin; company refutes claims


Large troves of personal and sensitive data belonging to investors on crypto-currency exchange BuyUCoin has been leaked on the dark web. The data leak was uploaded on Wednesday night by the notorious hacking group ShinyHunters and pertains to a backup of the crypto-exchanges database in September 2020. However, in response to queries sent by MediaNama, BuyUCoin refuted the allegations stating that only a limited amount of data was compromised and that it was immediately recovered and secured by the company’s automated security systems.

Cyber-security researcher Rajshekhar Rajaharia told MediaNama that the data leak contains sensitive information like users’ name, email address, mobile numbers, password, crypto-wallet details, order details and deposit history. Further, screenshots of the leak reveal that bank account details including the bank name, account number, IFSC code and type of account has been exposed in the data dump, in addition to Know-Your-Customer (KYC) information collected by BuyUCoin.

“ShinyHunters was responsible for other data dumps belonging to Indian companies like Juspay and BigBasket. While this group usually puts up the data on the dark web for sale, this time they have uploaded the files for free. Even my account details were leaked,” Rajaharia said. “The data contained in a MongoDB database was backed up by the group in June, July and September last year,” he said. Rajaharia added that a quick look of the data dump, around 6GB large, shows that 3.25 lakh users’ details may have been leaked, although there could be repetitions in the file.

According to a source close to the development, BuyUCoin has around 2.9 lakh users of which 95,000 have completed the full-KYC requirements and around 40,000 actively trade on the platform. This person spoke on the condition of anonymity.

“In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not even a single customer was affected during the incident,” BuyUCoin said.

Advertisement. Scroll to continue reading.

The New-Delhi based crypto-exchange was founded by 2016 by Atulya Bhatt, Devesh Agarwal and Shivam Thakral. Last year, it expanded globally after it received an operating license in Estonia and has partnered with payments wallet MobiKwik allowing users to buy crypto-currencies through their credit and debit cards, MobiKwik wallet, and net banking. According to CoinGecko, the exchange processes around $3 million worth of trades on a daily basis as of date.

“We would like to assure our customers that all the transactions on our platform take place in a highly encrypted environment. Our technical team constantly conducts routine security checks to ensure that our customer data is completely secure. We are aware of the high level security threats which exists in today’s world and we continuously upgrade our software and systems to neutralize such malicious and unlawful cyberattacks,” BuyUCoin said.

BuyUCoin upgrades security standards

In an updated statement on Friday, BuyUCoin said that it is “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities” that foreign entities undertook last year. The company has upgraded its security standards and has enabled a three-factor-authentication system for users’ trading accounts.

The company says that users should have a strong password and use OTPs for account verification, they should use Google’s 2FA authentication system and enable a six-digital trading pin for transaction verification. Further, every transaction on the crypto-exchange will now require an OTP verification sent to the users’ email address, it said.

“All our user’s portfolio assets are safe and sound within a secure environment. 95% of user’s funds are kept in cold storage, inaccessible to any server breach. Based on the internal investigation, we will be keeping you updated with the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security,” the company said.

Also read

Advertisement. Scroll to continue reading.

(Updated January 22, 2021 3:05 pm. Updated with statement from BuyUCoin on upgrades to its security standards. Originally published January 22, 2021 at 11:44 am)

Written By

Reports on banking, payments, fintech and crypto-curencies. Additional reporting on media regulations, data protection and other areas.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.


This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.


It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...


Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ