Israel-based crypto brokerage Coinmama — which allows users to purchase Bitcoin (BTC) and Ethereum (ETH) using a credit card — has suffered a major data breach affecting 450,000 of its users. The incident was disclosed in an official company announcement on Feb. 15.
Coinmama says a list of around “450,000 email addresses and hashed passwords” of users who registered on its platform before Aug. 5, 2017 have been posted on a dark web registry:
“As of February 15, 2019, there has been no evidence of this data being used by perpetrators. Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information.”
Aside from immediately notifying users, Coinmama says its response team is requiring all potentially affected users to reset their passwords upon login, as well as monitoring its array of systems for suspicious activity or unauthorized access. The platform says it is working to enhance its safeguards and track any external signals that the compromised data is being used.
Aside from new password requirements for potential victims of the hack, the site requests all users to ensure their passwords are robust and unique, and to avoid opening emails or attachments from unknown senders, or providing any personal data to any third party sites.
Although the data breach impacted not only Coinmama, but a gamut of companies outside the crypto sector, the hack represents the second high-profile system compromise in the industry this year.
On Jan. 15, tens of thousands of Ethereum (ETH) wallets hosted by New Zealand crypto exchange Cryptopia were hacked, leading to losses estimated to be worth up to $23 million — with the breach continuing for a couple of weeks after the incident’s detection.
A recent report from New York-based blockchain intelligence firm Chainalysis estimated that two — likely still active — organized hacker groups have reportedly stolen $1 billion in cryptocurrency, accounting for the majority of funds lost in crypto-related scams.