Topic: Hacker Stole 1,000 Traders’ Personal Data From CryptoTrader.Tax - page 3. (Read 625 times)

It makes sense for a company like cryptotrader to check their security after a massive data breaching in twitter had occur however as for what I understand through reading the article there were no trace or evidence that they are breached but someone just saw it on the dark web. Does this mean that the hacker went easily to pass their security level? perhaps an inside job?

The short answer is that they simply do not know it and they are just making that up, if a hacker gets access to your systems then it is not out of the realm of possibility that he was able to get access to certain information and you were not aware of it, they are saying that just to try to calm people down and try to shift the issue.

Unfortunately as governments try to make this market more centralized we are bound to see more hacks on the future and as the value of the cryptocurrencies increases then the amount stolen will keep increasing and unfortunately this will have the effect of slowing down adoption as people read about this news and think the market is insecure, when in fact centralized platforms are the ones that are insecure.

my first thought was "oh shit, what if they got tax IDs, physical addresses, and other filer info"? fortunately the breach doesn't actually look that bad.


i noticed that and thought "thanks for waiting 4.5 months until the dump was found on the dark web to mention it"! but maybe they at least informed affected customers at the time. it's not 100% clear when they disclosed it:

Probably dumb. Go to any IT office and you'll see passwords and logins all over the place. Written on pieces of paper, stickers attatched to monitors. Often workstations have some easy passwords with numbers and the logins are first names of employees.

Security in 90% of corporations sucks. They have key cards for every door and security in the building but computers have minimal protection.

Normally after the Twitter hack, everyone should check the system and improve its security... I don't think it is an inside job, but incompetence these days may cost companies much

Isn't this something that was expected to happen when crypto was being expected to go mainstream? Come on, BTC is on TV ads, banners, almost everywhere and this is the security that these tax guys give? Just because of this security breach, 100s of customers have lost their privacy and will definitely be touched by government officials once their data gets leaked. No doubt they were already going the legal way by paying taxes, but how much tax, is what this company was going to deliver them with their work. I'm afraid we're all prone to hacks almost everywhere where no tight security is available (eg.; Casinos, gambling websites, lending websites, DeFi websites, etc.)

Maybe if they begin to get the companies/organizations compensate the victims for such hacks, others will be too scared to have such sensitive information without proper and strongest possible security measures, and the hacks will likely stop becoming frequent.
 Losing your private data to hackers is a very dangerous thing that can happen and people hardly take this seriously.

I don't think that their system or access to it was compromised when I read the "marketing" thing I'm assuming that accounts of one of the employees have been compromised and most of the times these guys pile data after data and sheets over sheets of info around with no real protection,  email is often used to share lists and even google drive. Somebody working on the newsletters, nobody doing a report on their target customers and there you have it.

The fact that no real sensitive information was confirmed leak makes me believe more in this hypothesis.

One thing that also struck me:

So, how do you imagine a decentralized platform for doing your taxes? 

Sounds more like an inside job as without the proper authorization no one can access the account of an employee or the employee was a dumb.

Other reason can be that CryptoTrader do not have the highest level of security features or firewall activated in their system.

Anyways it is big dent to their reputation and trust.

The article states it in the first few paragraphs:
I figure that CryptoTrader.Tax had no hard time in verifying that the breach was real.

This case rings a bell (read notorious Twitter accounts used to scam recently), as the hack was allegedly performed by means of using a:
That enabled the hacker to obtain inside information. Now how the company allowed for an external access to the system, even if the credentials were known, beats me. Nowadays, corporations can delimit external access through a range of mechanisms, which include verifying that the external device is authorised (i.e. account authorised vpn credentials + laptop authorization verification). Of course the hacker could have made the access through one of the employees devices, which would place a spotlight on who gave way for the breach to take place from his device.

I'm just wondering how they know the other information such as the passwords are not in custody of the hacker. It is not unbelievable to see hacker stealing information but it become worrisome when they have direct access to your account. The hacker might not compromise the password by changing it but might know the passwords. This is part of the reason why people have not supporting centralized platforms

How do they conclude that when the hacker successfully stole data from the website?


They should improve the security measures, and investigate how this happened. Also, they have to be investigated as well if there is an inside job within the company as their information is vital, and it could put the lives of their clients at risk.

A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades.

The hacker broke into a CryptoTrader.Tax marketing and customer service employee’s account on a support center platform, according to a source who came across the hacker on a dark web forum. With this access, the hacker could see customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk.

David Kemmerer, a co-founder and the chief executive of CryptoTrader.Tax, confirmed to CoinDesk that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s account. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses, Kemmerer said.

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said.

https://www.coindesk.com/hacker-cryptotrader-tax