A former employee of the cryptocurrency derivatives exchange Digitex has started to disclose stolen Know-Your-Customer (KYC) on Telegram. The stolen data would include passport and driver license scans and other sensitive documents from more than 8,000 Digitex customers.
The Seychelles-based exchange posted a statement in Cointelegraph stating that it is currently unable to comment on the incident and is seeking legal advice:
“Digitex Futures is aware of a confidential data leak. We are unable to fully comment on the incident at this time and are currently seeking a lawyer. However, we can confirm that it was not an external hack but an internal security breach orchestrated by an ex-employee in conflict of interest with the company. We will post more information about the incident as soon as possible. “
The extent of the Digitex breach is unknown
However, a source familiar with the matter told Cointelegraph that data from 8,000 customers “had not been breached,” adding:
“Only three pieces of ID have been released, although the attacker confirms that he has them all and begins to publish requests so as not to disclose the rest.”
On Telegram, the “Digileaker” claimed to be in possession of “the complete KYC documentation of each user who has used Digitex Treasure from its creation date until today”.
In an interview with the cryptocurrency scam hunter CryptoVigilante, the Digileaker claimed to have used the login information obtained when Digitex signed up with its provider KYC Sum and Substance.
According to the hacker, the connection “gives unlimited access to all of the KYC information for more than 8,000 customers, including documents, address, telephone numbers and other information such as the IP address”.
Digitex data breach grows
The Digitex debacle has escalated in recent weeks, starting with the ex-employee hijacking his Facebook account to publicly disclose users’ email addresses. In a February 10 blog post, Digitex said the violation was an “internal problem” that was perpetrated by an “intriguing and highly manipulative ex-employee”.
The company also assured its customers that “beyond their e-mail address, no other sensitive information has been collected or disclosed”.
Crypto exchanges see several attacks in February
The Digitex data breach occurs amid an increasing number of malicious attacks targeting cryptocurrency exchanges.
On February 27, Okex and Bitfinex suffered simultaneous distributed denial of service (DDoS) attacks. While the Okex platform was “practically unaffected,” Bitfinex entered maintenance mode to quickly execute countermeasures and fixes for all similar attacks.
Sure February 28, the Singaporean crypto exchange supported by Tim Draper Coinhako announced that it had fully reimbursed all customers affected by a “sophisticated attack” that had started targeting the exchange seven days earlier.
The exchange responded by suspending the send functionality. Coinhako has since restored send capacities for Bitcoin (BTC), Bitcoin Cash (BCH), Ethereum (ETH), Tether (USDT), TrueUSD (TUSD) and USD Coin (USDC).
