A threat actor has allegedly posted databases from three US-based cryptocurrency companies for sale on a hacking forum, putting the sensitive information of potentially over one million users at risk. The targeted companies include prominent players in the Bitcoin self-custody and digital asset sectors. The seller claims to be offering exclusive, “one hand only” access to the user databases, which, if legitimate, could expose users to significant financial and personal security threats.
The companies named in the forum post are all based in the United States and serve distinct roles within the crypto ecosystem. The alleged data leak includes highly sensitive user information that could be leveraged for phishing campaigns, SIM swapping attacks, and other malicious activities. The full details of the data allegedly for sale are listed below:
- 🇺🇸 Casa (casa.io): A well-known company that provides secure Bitcoin self-custody solutions through multi-signature wallets. The alleged data breach involves 330,000 user lines.
- Users, user ID, email, password, wallet, registration date, referral code
- 🇺🇸 Theya (theya.us): A platform offering employee benefits paid for with cryptocurrency. The actor is allegedly selling a database of 194,000 users.
- User, user ID, username, email, phone number, password, wallet, chain ID, registration date, last login date
- 🇺🇸 Nunchuk (nunchuk.io): A provider of collaborative, multi-signature Bitcoin wallets. The actor claims to possess a database of 491,000 users.
- Users ID, username, password, email, and phone number
