Crypto payment provider Transak has been hacked. A ransomware group has come forward, claiming responsibility for the breach.
On-chain investigator ZachXBT reported the breach, saying:
“Looks like the crypto payments provider Transak was recently breached by a ransomware group who claims responsibility.”
The company acknowledged the incident in a blog post, confirming that only a small portion of users (about 1.14%) were affected.
According to Transak, only names and basic identity information were compromised. But the hacker group disputes this, alleging that personal identifiable information (PII) of a larger user base was also taken.
Transak is integrated with popular platforms such as Metamask, Trust Wallet, Coinbase, and Ledger to provide fiat-to-crypto on/off-ramp services.
These integrations mean the effects of the breach could be far-reaching, potentially affecting users across many major crypto ecosystems.
Transak’s statement on the hack
In its official blog post, Transak says that upon discovering the security incident, they immediately acted to contain the attack and secure their systems. They claimed that no financially sensitive or critical information was accessed in the breach.
The data compromised was limited to names and basic identity details of 1.14% of their users, a number Transak says is a “small portion” of their total user base.
However, the ransomware group’s claim suggests otherwise. They allege that the breach impacted a larger set of users and included more sensitive PII data.
The gap between what the company says and the hacker’s claims has left users in a state of uncertainty. The blog post explains that the breach occurred due to a phishing attack on an employee.
Using stolen credentials, the attacker gained access to a third-party KYC vendor’s system, which Transak uses to scan and verify documents. The attacker was able to log into the vendor’s dashboard and extract user information from there.
Email addresses, passwords, phone numbers, Social Security Numbers, and credit card details remain secure, according to the company. They assured users that their platform operates as a fully non-custodial service.
This means that even though personal information was compromised, user funds (whether fiat or crypto) were never at risk, as the platform does not hold user funds.
It has also begun notifying its partners — like Metamask and Coinbase — about the breach. Transak has informed data protection authorities, including the UK’s Information Commissioner’s Office (ICO), as well as regulators across the EU and US.
The company claims it is still conducting reviews in other regions to ensure compliance with global data protection standards.
Earn more PRC tokens by sharing this post. Copy and paste the URL below and share to friends, when they click and visit Parrot Coin website you earn: https://parrotcoin.net0
PRC Comment Policy
Your comments MUST BE constructive with vivid and clear suggestion relating to the post.
Your comments MUST NOT be less than 5 words.
Do NOT in any way copy/duplicate or transmit another members comment and paste to earn. Members who indulge themselves copying and duplicating comments, their earnings would be wiped out totally as a warning and Account deactivated if the user continue the act.
Parrot Coin does not pay for exclamatory comments Such as hahaha, nice one, wow, congrats, lmao, lol, etc are strictly forbidden and disallowed. Kindly adhere to this rule.
Constructive REPLY to comments is allowed