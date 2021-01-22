wordpress blog stats
Massive data leak from crypto-exchange BuyUCoin; company refutes claims

Large troves of personal and sensitive data belonging to investors on crypto-currency exchange BuyUCoin has been leaked on the dark web. The data leak was uploaded on Wednesday night by the notorious hacking group ShinyHunters and pertains to a backup of the crypto-exchanges database in September 2020. However, in response to queries sent by MediaNama, BuyUCoin refuted the allegations stating that only a limited amount of data was compromised and that it was immediately recovered and secured by the company’s automated security systems.

Cyber-security researcher Rajshekhar Rajaharia told MediaNama that the data leak contains sensitive information like users’ name, email address, mobile numbers, password, crypto-wallet details, order details and deposit history. Further, screenshots of the leak reveal that bank account details including the bank name, account number, IFSC code and type of account has been exposed in the data dump, in addition to Know-Your-Customer (KYC) information collected by BuyUCoin.

“ShinyHunters was responsible for other data dumps belonging to Indian companies like Juspay and BigBasket. While this group usually puts up the data on the dark web for sale, this time they have uploaded the files for free. Even my account details were leaked,” Rajaharia said. “The data contained in a MongoDB database was backed up by the group in June, July and September last year,” he said. Rajaharia added that a quick look of the data dump, around 6GB large, shows that 3.25 lakh users’ details may have been leaked, although there could be repetitions in the file.

According to a source close to the development, BuyUCoin has around 2.9 lakh users of which 95,000 have completed the full-KYC requirements and around 40,000 actively trade on the platform. This person spoke on the condition of anonymity.

“In the mid of 2020, while conducting a routine testing exercise with dummy data, we faced a ‘Low Impact Security Incident’ in which non-sensitive, dummy data of only 200 entries was impacted. We would like to clarify that not even a single customer was affected during the incident,” BuyUCoin said.

The New-Delhi based crypto-exchange was founded by 2016 by Atulya Bhatt, Devesh Agarwal and Shivam Thakral. Last year, it expanded globally after it received an operating license in Estonia and has partnered with payments wallet MobiKwik allowing users to buy crypto-currencies through their credit and debit cards, MobiKwik wallet, and net banking. According to CoinGecko, the exchange processes around $3 million worth of trades on a daily basis as of date.

“We would like to assure our customers that all the transactions on our platform take place in a highly encrypted environment. Our technical team constantly conducts routine security checks to ensure that our customer data is completely secure. We are aware of the high level security threats which exists in today’s world and we continuously upgrade our software and systems to neutralize such malicious and unlawful cyberattacks,” BuyUCoin said.

