Buyucoin, a Delhi NCR-based cryptocurrency exchange, has reportedly been hacked. The exchange has more than 350K registered users and has facilitated over $500 million in cryptocurrency trades, according to its website. Several local news outlets reported that sensitive data of about 325K customers has been dumped onto the dark web. IANS detailed on Friday:
“The data leaked include names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.”
Independent cybersecurity researcher Rajshekhar Rajaharia explained to the publication that the 6GB MongoDB database file contains three backup files with Buyucoin data. Among the leaked data, the researcher also found the information he used to create an account on the platform last year. “This is a serious hack as key financial, banking and KYC details have been leaked on the dark web,” Rajaharia was quoted as saying.
On Twitter, a number of users said that their information was leaked. Rajaharia tweeted: “Trading in cryptocurrency? 3.5 Lakh Users data including me leaked from Buyucoin. The leaked data contains name, email, mobile, bank account numbers, PAN number, wallets details etc. Again didn’t informed to affected users by company.”
Buyucoin is the latest victim of the infamous hacker group ShinyHunters, which has been leaking databases for free on well-known English-speaking forums, according to the Economic Times. The group also leaked data of e-grocer BigBasket, educational technology platform Unacademy and payment aggregator Juspay.
Israel-based darknet threat intelligence provider KELA confirmed the leak to the publication. The firm’s threat intelligence analyst Victoria Kivilevich explained: “These records are now circulating on the dark web and available for use by other cyber criminals.” She added that they can use the data for anything from “phishing scams to gaining admin privileges and access into corporate networks if corporate credentials have been leaked.”