The cybersecurity firm VECERT Analyzer warned on April 24 about an alleged massive data leak from Gold Union, a French company dedicated to the buying and selling of precious metals. According to the report, a malicious actor identified as “shinyc0rpsss” claims to have exfiltrated approximately 120,000 customer records with sensitive personal information.
Gold Union itself had already acknowledged the incident in a letter sent to its clients, according to a local report. According to that releasethe intrusion occurred on March 25 and would have allowed an unauthorized third party to access data such as name, surname, postal address, copy of the national identity document, contractual data (invoices) and, for some clients, bank coordinates.
VECERT adds that the information exposed also includes the estimated weight of the gold purchased by each client, the price per gram, digital signatures and direct links to photographs of the gold stored on public servers.
Additionally, samples from that database are already circulating in open access and were published by the attacker on Telegram channels in JSON format, VECERT states.
VECERT recommended that Gold Union urgently audit its cloud storage systems, because photographs of documents and products would be accessible from public web addresses. The alert also urges the company to notify the 120,000 affected customers. Until the time of publication of this article, Gold Union did not issue an official response regarding the incident.
A country under a wave of physical attacks on bitcoiners
The leak occurs in a particularly delicate context. As reported by CriptoNoticias, France became, in the first weeks of 2026, the global epicenter of a criminal modality aimed at bitcoin holders.
Of the 14 global physical attacks on bitcoiners recorded until mid-February in analyst Jameson Lopp’s tracker, 11 occurred on French soil.
Among the documented cases are the kidnapping of a magistrate and her mother in the department of Drôme at the beginning of February, and the attempted assault on the home of the CEO of Binance France, David Prinçay, just days later. The modality combines ransom demands in cryptocurrencies with threats of mutilation.
A recent precedent with the same pattern
The link between data breach and physical attacks is not hypothetical in France. In January, the hack of Waltio, a French digital asset tax platform, exposed data of approximately 50,000 users and that information served as a catalog to profile victims of subsequent attacks.
Beyond physical attacks, leaks of this type also enable less visible but more massive digital attacks, such as phishing (identity theft through digital channels).
In this modality, criminals contact victims by email, text message or phone call, posing as the affected company or financial institutions, with the aim of inducing the user to hand over passwords or additional bank details.
The accuracy of the leaked data makes the deception more convincing. In the French case, however, what distinguishes these and other recent leaks is that the threat does not end in digital. The same data that is used for a fraudulent email is used, in the current context of the country, for organized crime to select physical targets.
The leak claimed by “shinyc0rpsss” extends that pattern beyond bitcoiners. The package combines three elements that previous cases showed to be useful in selecting victims: A verified address, photographic evidence of the valuable physical asset, and the estimated weight of the gold in each client’s hands.