Press "Enter" to skip to content

Data of Lakhs of users suspected to be leaked from Crypto Exchange BuyUCoin

Sensitive data leaked include names, email addresses, PAN, Aadhaar, mobile number, order details, bank details, deposit history, order history and more. The encrypted values of passwords are also leaked in the BuyUcoin Hack.

Indian Cryptocurrency Exchange BuyUcoin’s user data has allegedly been leaked according to multiple reports. The data dump contains details of roughly 3.25 lakh users. The data is contained in a MongoDB dump, which is a widely used database for modern apps.

The first reports of the hack came out on Thursday evening when multiple news outlets published a syndicate feed from IANS. The hack was discovered by independent security researcher Rajshekhar Rajaharia.

IANS report says, Researchers at cyber security firm Kela Research and Strategy Ltd first discovered the stolen data, linked on the same forum, from Wongnai Media Co Ltd, Tuned Global Pvt Ltd, BuyUcoin, Wappalyzer, Teespring Inc and Bonobos.com, which looks the handiwork of infamous hacking group ShinyHunters.

BuyUcoin has denied the report and released a statement, “only dummy data of 200 entries were impacted which was immediately recovered and secured by our automated security systems.”

Coin Crunch has independently, identified and verified the data on the dump files still available to download on multiple sites. We ran a query on certain BuyUcoin users with their consent and were able to find their emails, KYC data, contact details, order history and much more.

BuyUcoin gave a statement to Coin Crunch

Regarding the media report, we are thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities in mid-2020.

Every BuyUcoin user with active portfolios have 3FA enabled trading accounts.

All our user's portfolio assets are safe and sound within a secure environment 

95% of user's funds are kept in cold storage, inaccessible to any server breach.

Here’s a list of steps made to ensure that your account remains safe - 
 1. Strong Password and Account OTP Verification.
 2. Google 2FA Authentication ( enable from security section under profile) 
 3. Trading Pin ( Under the security section, you can enable trading pin a six-digit code for transaction verification)
 4. Also, as an extra step every transaction requires an OTP from your email.  

Based on the internal investigation, we will be keeping you updated with the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security

-BuyUcoin Crypto Exchange

According to Rajaharia, the hacker is the same who earlier leaked BigBasket and JusPay data in India.

In November last year, one of India’s popular online grocery stores BigBasket found that its data of over 20 million users had been hacked and were on sale on the dark web for over $40,000.

Rajaharia showing his own details in the buyucoin hack dump
Rajaharia Shared the image of his own data on twitter.

The reports further say, the hacker is the same who earlier leaked BigBasket and JusPay data in India. In November last year, one of India’s popular online grocery stores BigBasket found that its data of over 20 million users had been hacked and were on sale on the dark web for over $40,000.

If you are a BuyUcoin user, please do the following to safeguard yourself:

If you are a user of BuyUcoin, please take certain precautionary measures to safeguard yourself from any potential damage.

  1. Change your login password on the exchange.
  2. Change the password for your email address and anywhere else where you have used the same password.
  3. Do not respond to any threats you may receive on emails. Hackers and scammers will use your email to send you multiple phishing emails. Do not open any links until you are absolutely sure who the sender is. A similar hack of Ledger’s data has subsequently led to users receiving legitimate looking emails.
  4. If you use the same email address on other exchanges, change it.
  5. As a safety precaution, do not use your names in your email addresses used for sign ups. It’s very easy to guess email addresses if your real names are included in them.
  6. Do not share any OTP, Seed Phrases, Passwords with anyone. ANYONE.
  7. Lastly, stay calm. Do not panic. Shit Happens!
Read more: Be careful of Crypto scams on Telegram. 

Edit Note: BuyUcoin’s statement was added later!

Be First to Comment

Leave a Reply

Your email address will not be published.

Latest Posts
Send this to a friend