A disgruntled ex-employee has started posting personal data stolen from crypto futures exchange Digitex, in a Telegram channel today—confirming a massive data breach. The data haul reportedly includes know-your-customer (KYC) documents, including passport photos and driving licenses, for 8,000 of Digitex’s users.
“Digitex Futures is aware of momentum gaining on Telegram about a further leak of confidential data. We are not able to comment on the incident at this time and are currently seeking legal counsel. We would like to apologize for any distress or inconvenience caused and assure you that we are doing everything in our power to rectify the situation,” Digitex said in a statement today.
The leak was first revealed in February. At the time, Digitex CEO Adam Todd said that only emails had been stolen and blamed a former employee, but did not mention his name. But the new documents are strong evidence that the leak did, in fact, happen. “He was on team phone calls, hearing a lot of confidential information. When you have someone like that working against you, it’s very difficult,” Todd stated, at the time.
So far, three documents have been revealed including the date that they started using the exchange and their corresponding emails. Some of the details have been obscured. The self-proclaimed “Digileaker” said, in the Telegram channel, “I have the entire KYC documentation of every single user who has used the Digitex Treasury from it’s (sic) inception date until today.”
In a conversation with a pseudonymous crypto scam hunter known as CryptoVigilante—who runs a Telegram channel dedicated to raising awareness of misdeeds in the community, the Digileaker explained how the data was taken.
“The data came from a login that Digitex setup when they registered with Sum and Substance [a KYC provider]. This login with a username, password, and 2FA gives unrestricted access to all the KYC information of 8000+ customers including documents, address, phone numbers and other information like IP address,” he said.