Key Takeaways
- A seller on RaidForums has attempted to sell data that supposedly originated from crypto exchange Paxful.
- Paxful says that the data is not user records from its exchange, but rather old employee records from a payroll site.
- Though Paxful’s account of the incident is likely correct, breaches of user data are quite commonplace.
Peer-to-peer Bitcoin exchange Paxful says that its user data has not been leaked, despite claims to the contrary by an individual attempting to sell the supposedly stoen data.
Stolen Data Is Not User Records
A member of the stolen data marketplace RaidForums recently put up for sale a database supposedly containing information on 4.8 million Paxful customers and staff. That data would contain the names, birth dates, and contact information of Paxful’s users.
However, it appears the data for sale does not actually exist. Ray Youssef, CEO of Paxful, stated on Twitter that “all funds and identities are safe.” He added that “no user data was leaked [and] no breach was ever made [against] our users. Ignore the FUD.”
He asserted that the leaked data was in actual fact “old employee records from a payroll site we no longer use.”
It seems likely that Youssef’s account is correct. According to Decrypt, potential buyers of the allegedly stolen data were unwilling to pay because Paxful had not reported a breach. RaidForums administrators reportedly tagged the sale as suspicious as well.
Was Any Data Stolen?
Though Paxful might not have been attacked, crypto companies are frequent targets of data theft. In 2021 alone, KeepChange and BuyUCoin both saw data leaks. In previous years, Ledger, Poloniex, BitMEX and BTC Markets have also had user data exposed.
Data leaks, both actual and imagined, could encourage some users to move to decentralized exchanges that do not store user records.
However, even that is not enough to solve the problem, given that non-crypto websites can also be hacked. According to Wikipedia, over 350 companies have experienced user data breaches since 2004, including big tech companies like Yahoo and Facebook.
Disclaimer: At the time of writing this author held less than $75 of Bitcoin, Ethereum, and altcoins.