Data of over three million CoinMarketCap (CMC) users was leaked earlier in October, the crypto tracker confirmed. Every day, over 27 million people from the US, India, and Japan among other nations visit the platform to price-track and stay updated on cryptocurrency, a report by statistics firm HypeStat claimed recently. This data breach comes at a time when cyber-attacks specifically targeting the crypto-community are rising in numbers, worldwide. Despite several nations still being sceptical about legalising cryptocurrencies, the crypto space is witnessing rapid expansion in many parts of the world.
Registered email addresses of 3,117,548 CMC users were unlawfully obtained and uploaded on hacking forums by nefarious cyber criminals on October 12, CryptoPotato reported earlier this week. These email ids are now being traded on the dark web.
CMC has acknowledged this data breach while noting that the passwords of these leaked email addresses remain safe. The platform has also denied possibility of this leak via their servers.
“While the data lists we have seen are only email addresses (no passwords), we have found a correlation with our subscriber base. We have not found any evidence of a data leak from our own servers — we are actively investigating this issue and will update our subscribers as soon as we have any new information,” the CryptoPotato report quoted a CMC representative as saying. Identity of this spokesperson remains undisclosed.
As of now, the brains behind this attack remains unknown.
The development has triggered a flood of responses on social media, with some people (potential CMC users and cryptocurrency investors) alleging that they have been getting security alerts for the past some days. People have also questioned CMC that if the data was not leaked from their servers, where other place is their user-data being stored.
So either @CoinMarketCap or @twitch are lying about passwords not being included in their data leaks.— GFUEL | Tomasina ???? (@itsTomasina) October 25, 2021
Those are the only leaks that could have possibly caused the handful of critical security alerts I've been getting.
(Eat my 2FA, btw)
"there has been no leak from our own servers." So where did the leak come from? If not your "own servers" where else were you storing data?— Facted (@facted_net) October 23, 2021
This is not the first time however that a crypto-company suffered a data breach. In recent years, crypto-associated firms like BitMEX and Ledger among others have witnessed similar leaks.
As per a report by Business Insider, 32 incidents of hacks and fraud targeting the crypto space have been reported so far in 2021. The total value of these attacks is nearly $3 billion (roughly Rs. 22,522 crore). The report has further claimed that the number of offenses are only growing by 41 percent every year.