AUS
NZ
UK
CA
USA
IND
Highlights
- Sensitive attendee data from crypto events is being sold, posing phishing risks.
- Lists contain personal, social media, and crypto wallet details, amplifying data theft.
- The data is being resold by anonymous sellers, with indications of a wider trade network.
A concerning trend is emerging in the cryptocurrency industry as sensitive attendee data from major crypto events is being sold online. The leaked lists contain personal details, including names, phone numbers, job roles, social media links, and even crypto wallet addresses. This raises significant concerns about phishing attacks and the potential misuse of personal information in the cryptocurrency sector.
The Growing Threat of Data Exploitation in the Crypto Industry
A recent report has highlighted a troubling trend in the crypto industry: personal data from event attendees is being traded under the guise of "marketing and promotion." These lists, containing sensitive information, are being sold by anonymous sellers, with the potential for widespread phishing and cybercrime.
What’s Inside the Leaked Data?
The data lists include a variety of personal and professional details. Attendees' full names, phone numbers, nationalities, job titles, and company affiliations are just the start. For many, additional data includes social media links, ticket purchase dates, types of tickets, and even the operating systems used during registration. More concerning, some lists even contain crypto wallet addresses, social media follower counts, and messages attendees sent to event organizers.
This personal information is typically gathered through registration forms at major industry events or side conferences, often using platforms like lu.ma, which require attendees to link their social media accounts for verification.
How the Data Is Being Sold
A series of data samples from the Telegram messaging platform was obtained by Cointelegraph. The samples consisted of lists of 60 to 100 participants derived from multiple events. These lists contain a mix of detailed data, offering a goldmine for scammers looking to target individuals with tailored phishing campaigns. In one instance, an attendee list from the November 2024 AIBC conference in Malta was priced at nearly $4,000 before being reduced significantly.
The seller, appearing to operate anonymously, claimed the proceeds from the data sale would be used to purchase additional lists from other events, such as Coinfest and DevCon, suggesting that this issue may extend beyond a single event or even organization.
Anonymity and Data Reselling Networks
The seller’s anonymity, coupled with the fact that both the seller and data compiler seem to have Russian ties, raises concerns about the scale of the operation. Evidence of Russian language used in the data files and analysis of the seller's communication style pointed to a possible network of data resellers. The justification provided for the sale of the data was that it was "not sensitive" and that attendees were "open to such marketing," despite the fact that such information could easily be exploited for malicious purposes.
Event Organizers' Response
Event organizers, like Eman Pulis of AIBC, have responded by emphasizing their commitment to data security, noting that strict protocols are in place to prevent breaches. However, the issue of fraudulent databases being offered to companies as legitimate data remains a challenge. Pulis noted that these lists are often misrepresented as coming from official sources.
While the validity of the full database remains unconfirmed, the fact that these databases are being sold suggests a growing concern over the protection of personal data in the crypto industry.
