A major data breach has occurred at Trident Crypto Fund, resulting in the publication of over a quarter of a million customer usernames and passwords online.

According to a report published on March 5, 2020, by Russian media outlet Izvestia, the personal data of 266,000 registered Trident Crypto Fund users was illegally accessed when a database was compromised.

 

Data stolen in the attack against the fund is said to have included email addresses, cell phone numbers, encrypted passwords, and IP addresses.

Ashot Oganesyan, technical director of cybersecurity company DeviceLock, told Izvestia that users’ data was posted on a number of file-sharing websites around February 20, 2020.

According to Oganesyan, the hackers responsible for the attack decrypted and published a dataset of close to 120,000 passwords on March 3. He emphasized that more than 90% of the login/password pairs were unique and had never been found in leaks before.

With this information in hand, hackers could potentially get into users’ accounts and access their funds.

 

Trident Crypto Fund is a crypto-investment index fund that operates out of Dragonara Business Centre in Malta, touting itself as “the first coin-based index fund.”

No mention of the data breach has been made on the fund’s website or announced via its Telegram group. However, Izvestia contacted an individual whose data was breached in the incident, who confirmed the connection between the leaked data and the Trident Crypto Fund.

“We work hard to help keep your account secure and protect your personal information,” it states on the fund’s website.

 

“We work hard to ensure that the information you share is secure. We investigate any suspected breach of security, including fraud activity.”

Oganesyan said that the data breach was notable as being the first such incident to have a major impact on Russian citizens. According to Oganesyan, 10,000 Russian users were affected by the attack on Trident Crypto Fund.

 

“Apparently, Russian citizens might already have got their data leaked before. However, no one has taken them into account before, and personal data leakage of 10,000 Trident Crypto Fund users can be considered the first major personal data leak of Russian crypto investors,” said Oganesyan.