The incident serves as another reminder that the know-your-customer (KYC) procedure can be a risky practice. An attacker accessed the data of thousands of users from Fractal ID, a major player in the crypto world.
Fractal ID, a company developing "decentralized identity" solutions for the crypto industry and serving more than 250 projects with over 1.1 million users, has revealed that a potential data breach was detected this past Sunday.
According to the team, the attacker was logged out of the system on the same day. However, during a couple of hours of unauthorized access, the attacker accessed the personal data of around 0.5% of Fractal ID's user base, which corresponds to approximately 5,500 users.
"This data may include names, email addresses, wallet addresses, phone numbers, physical addresses, images, and pictures of uploaded documents," the company stated, adding that they take the security and privacy of their users' data "extremely seriously" and have now implemented unspecified "additional security measures."
Data protection authorities and cybercrime police have also been contacted.
Fractal ID claims that the breach did not affect any of its clients' systems or products that use its services.
One of its clients, Gnosis Pay, a payment network claiming to be decentralized, informed its users that their data "was not part of the data that was accessed." However, the company urged its users to be cautious of unsolicited communications requesting additional personal information.
Other clients of the five-year-old Fractal ID include prominent crypto projects like Polygon ID, Ripple/XRP Ledger, Near, BNB Chain, Avalanche, Arbitrum Foundation, and more.
The crypto industry has suffered multiple personal data leaks, including the infamous case of Ledger, a major producer of hardware wallets. In July 2020, around one million email addresses and approximately 272,000 pieces of detailed information, such as postal addresses, last names, first names, and telephone numbers of customers, were stolen.
Your email address will not be published. Required fields are markedmarked