Data breach at Buyucoin crypto exchange leaks user info, trades


A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.

Over the weekend, a threat actor known as ShinyHunters posted the link to an archive that contains the alleged database dumps for the Buyucoin cryptocurrency exchange.

ShinyHunters is a threat actor well-known for hacking into websites and selling stolen user databases in private sales or via data breach brokers. This past week, ShinyHunters posted the databases for men’s clothing store Bonobos and photo editing site Pixlr.

In the past, ShinyHunters also released the stolen databases for numerous other sites, including Tokopedia, Homechef, Dave, Promo, Mathway, and Wattpad.

The Buyucoin archive leaked by the threat actor this week includes three different data dumps, allegedly of the exchange’s MongoDB database. The archive contains three tar files, each named after the date the database was dumped: June 1st, 2020, July 14th, 2020, and September 5th, 2020.

It is unknown if the threat actor performed these dumps on those dates or if they are backups created by Buyucoin.

These database dumps contain tables for user records, cryptocurrency trade transactions, linked bank account information, and others used internally by the exchange.

The user records table contains the information for 161,487 members. It includes email addresses, country, bcrypt hashed passwords, mobile numbers, and Google sign-in tokens if used when registering an account at the site.

A sample user record from the database

The wealth of information and the rising value of cryptocurrency have made this an exciting data leak for other threat actors on the hacking forum, who have posted their thanks for the data.

While Buyucoin has not responded to our email about the leaked database, from the data shared with BleepingComputer, it was possible to confirm the leaked email addresses correspond to the exchange users.

Buyucoin has also provided statements to Indian media stating that they are investigating the breach.

“Regarding the recent media reports, we are thoroughly investigating each and every aspect of the report about the malicious and unlawful cybercrime activities by foreign entities in mid-2020. Every BuyUcoin user with active portfolio has 3 factor authentication enabled trading accounts. All our user’s portfolio assets are safe within a secure and encrypted environment. 95% of user’s funds are kept in cold storage which are inaccessible to any server breach,” Buyucoin said in a statement to Gadgets360.

What should Buyucoin users do now?

As some of the exposed data is confirmed as accurate, it appears to be a legitimate breach.

Even though Buyucoin states that members are protected by 2FA, it is still strongly suggested that all users change their passwords on the site out of an abundance of caution. 

If you use your Buyucoin password at other sites, you should also change it at those sites to a password that is unique to each site.

A password manager is recommended to help you manage the unique passwords you use at the different sites.

With cryptocurrency at record prices, users should be on the lookout for targeted phishing campaigns that attempt to steal login credentials, convince you to disable MFA, or download and install malware.
