Experts warn of the risk of personalized phishing against affected users.
Fourteen administrator credentials were exposed, according to VECERT.
An actor identified as “unique” has put up for sale a 26-gigabyte database with 73 million records belonging to a company (whose name was not revealed) that provides shared infrastructure to 46 platforms in the cryptocurrency, non-fungible token (NFT), decentralized finance (DeFi) and artificial intelligence (AI) ecosystems, according to the security firm VECERT Analyzer.
According to the firm, the most immediate risk of this “massive leak” for users is data cross-referencing, since the compromised database contains wallet addresses linked to email addresses.
The attacker, the firm explains, has already carried out balance checks on those wallets and identified accounts holding five- and six-figure sums in dollars. This combination, the firm warns, is a direct vector for targeted phishing attacks, a practice that uses personalized fraudulent communications to trick users into giving up access to their funds.
The second risk, according to VECERT's report, affects the platforms themselves. The leak includes credentials for 14 administrator accounts, with their passwords encrypted. If those passwords were not rotated after the incident, an attacker could try to decrypt them and access the active infrastructure of the affected companies.
By volume of records, the most affected cryptoasset platforms according to VECERT are z1labs_cypher, a test blockchain with 45.5 million records of transfers and contracts; photonchain, a referral platform with 9.9 million; and stabilio_backend, a DeFi analytics platform with 8.9 million. The leak also includes data from an NFT marketplace and multiple AI broker platforms.


VECERT concluded its report by classifying the alert as “Maximum Priority” and issuing two recommendations. Users of the affected platforms should move funds to cold wallets (storage devices without an internet connection) and change the passwords of linked email accounts. The companies involved should immediately rotate all database credentials and application programming interface (API) keys.
