A reader pointed us to a rather large database of the portal CoinPayEx, which the Zer0DayLab crew offers for public download on its file server.
CoinPayEx: Hack or lack of security measures?
Online portals for trading cryptocurrencies are extremely interesting for cybercriminals. If they actually succeed in penetrating deep enough into the system, the users' digital assets (wallets) are a tempting target. Such hacks have succeeded a number of times in the past. Often, the hackers managed to transfer large sums to their own wallets before their crime was discovered.
What exactly happened at coinpayex.ltd was unfortunately not disclosed by the distributors of the illegal database. We have contacted them on Twitter and are still waiting for an answer.
No new registrations currently possible
Unfortunately, it is extremely complicated to contact the creators of this online project. Even at second glance, we found no website on the internet that could have been used to contact them. Yesterday we sent a warning e-mail to all available e-mail addresses of the management. One of the addresses is even invalid. We received a reply from the mailer daemon a few minutes later.
In our message, we asked CoinPayEx for a statement. It would be interesting, for example, to learn how the unknown persons were able to get hold of 1.6 GB of their customer data. Customers have the option to open their own wallets there, the details of which are also said to be in the database. Now, 24 hours later, we still have no answer.
What can cybercriminals do with this?
Assuming CoinPayEx has already blocked access to the wallets, financially speaking, not much. We do not know whether this is the case. But the data set contains further internal information on crypto trading. According to someone who took a quick look at it, the information of the 194,205 users is apparently all stored unencrypted in the data set.
If people use passwords more than once, criminals could log in to other online services with the login data. But that is far from all. The huge list of e-mail addresses would certainly also be very welcome to phishers, to name just one example.