BuyUcoin Cryptocurrency User Data Allegedly Affecting Lakhs of People Leaked on the Dark Web

The leaked data is claimed to include sensitive information of more than three lakh BuyUcoin users.

Advertisement
By Jagmeet Singh | Updated: 22 January 2021 17:18 IST
Highlights
  • BuyUcoin data including users’ bank details surfaced on the dark Web
  • Researcher Rajshekhar Rajaharia informed about the leak
  • BuyUcoin claimed the leaked details were of some dummy accounts
BuyUcoin Cryptocurrency User Data Allegedly Affecting Lakhs of People Leaked on the Dark Web

BuyUcoin may have faced a severe data breach in September last year

Photo Credit: Pexels

Banking and KYC information of lakhs of users of BuyUcoin, which trades bitcoin and other cryptocurrencies, has allegedly been leaked on the dark web. The details included the names, email addresses, mobile numbers, order information, and deposit history of users, according to a security researcher. The data dump available on the dark Web also appears to have bank details including bank names and account numbers, as well as know-your-customer (KYC) information that includes PAN and passport numbers of the people using BuyUcoin platform. The company has however denied the leak and said the surfaced data dump was of some dummy accounts.

Cybersecurity researcher Rajshekhar Rajaharia told Gadgets 360 that he found the data dump on the dark Web earlier this week. It included the details of more than three lakh BuyUcoin users, he said. The Delhi-NCR-based company claims to have over 3.5 lakh users in total.

The researcher said BuyUcoin appeared to have faced a data breach in September last year that resulted in the latest leak on the dark Web. Alongside user details, the data dump included a folder with admin credentials that could be used to access the server, he noted.

Rajaharia stated that the dump was posted on the dark Web by Shiny Hunters, the hacker group that allegedly leaked the data of BigBasket and JusPay in the recent past.

The leaked data could be used by bad actors to run fraudulent attacks against individuals, the researcher said. He also added that the data could also enable hackers to understand the credit score of the victims using transaction details.

Advertisement

BuyUcoin CEO and Co-founder Shivam Thakral denied the leak. “We would like to reiterate the fact that only dummy data of 200 entries was impacted which was immediately recovered and secured by our automated security systems,” he told Gadgets 360 over email.

However this might not be correct, as a person whose data was revealed in the data dump came forward to Gadgets 360 and said that their bank and KYC details were revealed.

Advertisement

“What if a bad actor would use any of the leaked user accounts in any illegal crypto activity?” asked Rajaharia while countering the company's rejection of the data leak. “Who will be responsible in such a case? Crypto data leak may become a very serious issue as the data could be used in illegal activities in many ways in such cases. It's the company's responsibility to inform affected users and protect data instead of making any false claims.”

Thakral however denied the leak again, and responded by saying that it was just a hoax to defame the company.

Advertisement

“These people who reached out to journalists are friends of hackers, they are just showing our email IDs are there,” he said. “This doesn't make sense to me.” But a part of the data dump, as seen by Gadgets 360, contained these details for a huge number of users, so it appears to be a real dump, and hopefully the company is investigating the matter.

Update, 5PM, Jan 22: In a mailed statement BuyUcoin noted: “This incident remains an ongoing investigation. We will keep all the stakeholders updated about the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security.” You can see the full statement below.

No bitcoins or any other cryptocurrencies appear to have been stolen in the leak. However, in the past, there have been instances of cryptocurrency exchanges and wallets getting hacked and bitcoins being stolen.

In April 2020, a hacker exploited a security flaw in Bisq bitcoin exchange and stole more than $250,000 (roughly Rs. 1.82 crores) worth of cryptocurrency from users. Binance, one of the leading cryptocurrency exchange platforms, also saw a data breach in May 2019 in which hackers were able to steal over $40 million (roughly Rs. 290 crores).

Regarding the recent media reports, we are thoroughly investigating each and every aspect of the report about the malicious and unlawful cybercrime activities by foreign entities in mid-2020. Every BuyUcoin user with active portfolio has 3 factor authentication enabled trading accounts. All our user's portfolio assets are safe within a secure and encrypted environment. 95% of user's funds are kept in cold storage which are inaccessible to any server breach.

BuyUcoin platform has following features to ensure that customer account remains safe and secure from any kind of cyberattack:

1. Strong password and account OTP verification.

2. Google 2 Factor Authentication (enabled from security section under customer's profile)

3. Trading Pin (Under the security section, customers can enable trading pin a six-digit code for transaction verification)

4. Also, as an extra security step, every transaction requires an OTP from customer's email.

However, this incident remains an ongoing investigation. We will keep all the stakeholders updated about the proceedings and conduct a major cybersecurity overhaul throughout 2021 to upgrade platform security. BuyUcoin stands in solidarity with other companies who have faced such unlawful cyber-attacks recently. There is an urgent need to revise the current cybersecurity policy to counter such attacks. BuyUcoin is more than willing to work with industry peers and other relevant stakeholders to protect the financial technology ecosystem.


What will be the most exciting tech launch of 2021? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.
 

Also seeCryptocurrency Prices across Indian exchanges

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Nothing Phone 3 Price, Colour Options Tipped Ahead of Global Debut
  2. Realme C71 With 6,300mAh Battery Goes Official: Price, Specifications
  3. Samsung Galaxy Z Fold 7 Spotted on WPC Database With Qi2 Charging Support
  4. Google Pixel 10 Series Reportedly Set to Launch on August 20
  5. Vivo Y19s Pro With 6,000mAh Battery, 50-Megapixel Main Camera Launched
  6. Meta Aiming to Fully Automate Advertising With AI by 2026: Report
  7. Microsoft Bing Is Letting You Generate AI Videos Using Sora for Free
  8. Samsung Galaxy Ring 2 Said to Be in Development, but 2025 Launch Unlikely
  1. Hi-Fi Rush Developer Tango Gameworks Announces Rebrand, Begins Hiring for New Action Game
  2. ISRO Successfully Tests SE2000 Engine for Next-Gen LVM3 Rocket Upgrade
  3. Japan’s Resilience Lander to Touch Down on the Moon on June 5: What You Need to Know
  4. 1,350-Year-Old Burial Reveals ‘Ice Prince’ Toddler Laid to Rest With Sword and Silk Robes
  5. Padakkalam OTT Release Date: When and Where to Watch Malayalam Supernatural Comedy Online?
  6. iPhone 17, iPhone 17 Air to Debut Without ProMotion Display Features, Tipster Claims
  7. OpenAI's Plans for All-Knowing ChatGPT Super Assistant Revealed in Internal Document
  8. Flagship India EV Policy Is a ‘Non-Starter’ for Global Firms
  9. Samsung Galaxy S25 Ultra Price in India Temporarily Cut by Rs. 12,000: Specifications, Features
  10. Elden Ring Nightreign Sells 3.5 Million Copies as FromSoftware Confirms Duos Mode Is on the Way
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.