Hacker Stole 1,000 Traders’ Personal Data From CryptoTrader.Tax

[yhiaali3]

This and other similar hacking incidents underscore the need to accelerate the transition to Web 3.0 or the decentralized Internet, where user data is stored on a data blockchain and it is difficult or impossible to hack this data.
Of course, this is one of the biggest disadvantages of centralization when you give your data to any central site, whether an exchange, platform, customer service, or anything, your data is in danger because the site can be hacked, as happened here, or it can be stolen by the employees on the site itself.

[AicecreaME]

This is a very dangerous scenario.

Lots of clients information were stored in their database that’s why they must protect and secure it as strictly as they can. The information and profiling of a client should not be leaked as it holds a vital role in accessing their accounts and their transactions. With this happened, the hacker can anytime use their information for wrongdoings and can possibly monitor them or steal from them.

The cryptotrader.tax should’ve prevented this from happening if only they put high and strict security measures to prevent hackers from penetrating their website database. They must really took steps to improve their security to earn their current and future customers trust again. They must look into all angles as it is possible that an inside job happened.

May this become a lesson for each companies to always maintain the strict security measures of their websites and database. A little negligence from their responsibilities can surely cost them a lot if something like this happens.

[wxa7115]

The cryptotrader.tax should’ve prevented this from happening if only they put high and strict security measures to prevent hackers from penetrating their website database. They must really took steps to improve their security to earn their current and future customers trust again. They must look into all angles as it is possible that an inside job happened.

This idea that everything can be prevented is a mistake, hackers are very smart and if needed they can wait for years in order to obtain the necessary information to make their hacks a reality, it is impossible to stop something that you do not see and hackers are experts at hiding themselves in plain sight, what this demonstrates is that the idea of giving your information to a centralized institution and relying on them to protect it is flawed.

We need to move to true decentralization in which exchanges do not ask for that kind of information that way hackers cannot steal it because they simply do not have it, but obviously many entities are against this because this limits their power.

[gabbie2010]

Thats why is better to not share with anyone any kind of personal data in crypto

Personally I think an insider must have been involved in the security breach involving cryptoTrader.Tax, he must have been responsible for sharing some important and vital documents for the hacker to gain easy access to the site so as to perpetuate the crime,  hackers are getting sophisticated in their performing the dastardly act of hacking thus exchanges and other crypto sites must ensure that their security firewall must be well fortified.
A through investigation must be made to ascertain those involved and an arrest must be made, while those culpable for the hack must be prosecuted this will serve as deterrent to other hackers.

[shoreno]

This and other similar hacking incidents underscore the need to accelerate the transition to Web 3.0 or the decentralized Internet, where user data is stored on a data blockchain and it is difficult or impossible to hack this data.
Of course, this is one of the biggest disadvantages of centralization when you give your data to any central site, whether an exchange, platform, customer service, or anything, your data is in danger because the site can be hacked, as happened here, or it can be stolen by the employees on the site itself.

that web 3.0 you said sounds cool but web decentralization can be achieve by using private internet like vpn's .

no one can trace you that way but there still a problem , what if the site is still centralized ? hackings and stealings can still occur .  i heard that many businesses are now planning to support blockchain on thier system. this step can be the only solution to solve major problems that we faced day by day .

[AniviaBtc]

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms

But on that case that they have personal data of different users, they can steal money whenever they want. Personal information and details are very very important and shouldn't be ignored because the fate of your account is dependent on that. If they know the password of your account then it is more likely that you are the next target and you will suffer the most. Centralized platforms are somehow good but still it do have a downside. All of the things in the world have advantages and disadvantages that's why you need to deal with both. Hackers are unstoppable and unpredictable when they will act or move, so always be aware and mindful.

[verita1]

Lately we are realizing that there is vulnerability in the platforms due to the frequency of how these hackers violate the security of the systems. We need more robust websites especially in the crypto field. What remains for us is to be more attentive to the websites we visit.

[yhiaali3]

that web 3.0 you said sounds cool but web decentralization can be achieve by using private internet like vpn's .

no one can trace you that way but there still a problem , what if the site is still centralized ? hackings and stealings can still occur .  i heard that many businesses are now planning to support blockchain on thier system. this step can be the only solution to solve major problems that we faced day by day .

This is what I meant by web 3.0. I did not mean to preserve privacy by using a VPN, web 3.0 means that there should be a blockchain for the Internet so that our data is stored on the blockchain and not on the site. In this way, all data is safe and difficult to hack or steal, and also cannot be sold (By the site itself) to someone else as it happens now.

[agg2702]

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms

Judging from the article it's only a rough conclusion because the hacker managed to get into a database where the hacker was able to view support center details in the material and download a file containing 13,000 lines of information, including 1,082 unique email addresses, Kemmerer said.
this is of course very reasonable because speculation like this must happen because basically the hacker is not likely to hack something just for fun.
besides that there must be some traces left because not all hackers play cleanly and only the pros are like that

[DdmrDdmr]

This data includes data that allows fraudsters to steal the funds of these traders?

The case is nearly a year old, but since this thread has resurfaced, it’s worth mentioning that the breached data details don’t seem to be crystal clear, although we know that over 1k emails and 13k rows of information were obtained during the hack. I’ve been looking around for further detail of the involved data fields, but came out empty handed.

It’s fair to assume that perhaps at least some specific crypto names and amounts were involved. Their software (see https[colon]//cryptotrader[dot]tax/cryptocurrency-tax-reports) also details information to generate the IRS Form 8949, which includes name and SS number, so this detail of information could have been compromised, although the claims say they weren’t:

CryptoTrader.Tax users had to enter their billing information the payment processor Stripe to pay for their subscriptions. However, Stripe assured that, while its system is connected to the hacked CryptoTrader.Tax support center platform, the link does not reveal sensitive user info such as credit, debit, and banking information as well as the physical addresses of its clients. As such, only customer email addresses and the general location was exposed by the hack.

https://tokenpost.com/More-than-1000-users-affected-in-a-cryptocurrency-tax-reporting-service-hack-5712

With the above, and assuming the limited scope, fraudsters/hackers should not have been able to directly obtain access to the crypto of those involved in the hack (it would have to involve credentials to custodial wallets, which is unlikely to be stored in this type of application; private keys are out of the question here).

Nevertheless, they could have used social engineering to try to trick/scam/blackmail/phish a few of the 1K affected by the hack. It will also depend on the time it took between the events took place (April 2020) and when they were actually communicated to those involved (general public was made aware months later, but those affected were possibly told before).

[Fortify]

A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades.

The hacker broke into a CryptoTrader.Tax marketing and customer service employee’s account on a support center platform, according to a source who came across the hacker on a dark web forum. With this access, the hacker could see customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk.

David Kemmerer, a co-founder and the chief executive of CryptoTrader.Tax, confirmed to CoinDesk that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s account. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses, Kemmerer said.

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

https://www.coindesk.com/hacker-cryptotrader-tax

The funny thing is that I'm unsure what the hacker will actually gain from this attack, maybe they just happened to have a vulnerability within their systems and it is sheer coincidence that they are in the cryptocurrency space. It would seem that people using the services of a cryto service with "tax" in the name are the kind of people who want to stay on the right side of the law when it comes to accurate accounting trails. I guess it could be useful for later phishing attempts or more specific targeting of owners with big holdings, but by itself it does not seem like a major risk to the people who were compromised - anyone with an ounce of sense should have unique credentials across different sites so that avenue is useless.

[mksundip]

I read the case in my opinion strange. How will the tax office know if a hacker is in there? or maybe this is one of the tactics of tax people to collect taxes from crypto traders?
For me, whatever the reason, it is wrong and violating someone's personal information

[taufik0911]

at this time we have to be really careful to store our assets because wallets on exchanges or centralized wallets can be very vulnerable to hacking
the safest way to store your cryptocurrency assets is in your own personal wallet or in a ledger
I hope everyone can be careful because there are currently a lot of exchanger hacks and phishing