Dark Web News Analysis
A threat actor on a known hacker forum is advertising the sale of a database allegedly belonging to CoinTracker, a popular cryptocurrency portfolio tracking and tax compliance platform. The dataset reportedly contains 2,707,120 lines of user data.
Brinztech Analysis:
- The Data: The leak allegedly exposes sensitive Personally Identifiable Information (PII), including Names, Physical Addresses, Email Addresses, Phone Numbers, and Birth Dates.
- The Target: CoinTracker aggregates data from users’ exchanges (Coinbase, Binance) and wallets (MetaMask) to calculate taxes. While the initial report mentions PII, the critical question is whether API Keys or Portfolio Balances are included.
- Note: Even if API keys are not in the text file, the PII alone allows attackers to target users based on the assumption that they hold cryptocurrency.
- The Context: A leak of 2.7 million records represents a significant portion of CoinTracker’s user base. The inclusion of Birth Dates and Addresses suggests this could be data related to the platform’s tax filing features (which require strict KYC/identification) rather than just a marketing list.
Key Cybersecurity Insights
This alleged data breach presents a uniquely dangerous threat profile due to the intersection of PII and Cryptocurrency Assets:
- The “Sim Swap” Blueprint: The combination of Mobile Phone Numbers and the knowledge that the victim is a Crypto Investor is the exact recipe for SIM Swapping attacks. Attackers use the personal info to trick mobile carriers into porting the victim’s number, then intercept SMS 2FA codes to drain exchange accounts.
- Targeted Phishing & Extortion: Attackers can use the name and address to send highly personalized extortion letters (physical or digital), claiming to be the IRS or a tax authority demanding “unpaid crypto taxes.”
- Physical Security Risk: Exposing the home addresses of 2.7 million verified crypto holders creates a real-world security risk. Criminals can filter the list by affluent neighborhoods to target individuals for burglary, knowing they likely possess hardware wallets or seed phrases.
- Regulatory Fallout: CoinTracker handles data for tax compliance. A breach of this magnitude would trigger severe penalties under GDPR (Europe) and CCPA (California), as well as potential scrutiny from financial regulators.
Mitigation Strategies
In response to this claim, CoinTracker users must take immediate, proactive defensive measures:
- API Key Rotation (Critical): As a precaution, users should revoke and regenerate all API keys connected to their CoinTracker account. Ensure new keys are set to “Read Only” and have “Withdrawal” permissions disabled.
- Switch to Hardware 2FA: Remove SMS-based 2FA from all your crypto exchange accounts immediately. Use an authenticator app (Authy/Google) or, preferably, a hardware key (YubiKey). Your phone number is now a vulnerability.
- Credit Freeze: Given the exposure of Birth Dates and Names, users should freeze their credit with major bureaus to prevent identity thieves from opening loans in their name.
- Phishing Vigilance: Be extremely skeptical of emails from CoinTracker asking you to “re-connect your wallet” or “verify your tax status.” Always navigate directly to cointracker.io rather than clicking email links.
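The phishing advice above comes down to one check: does a link in an email actually lead to cointracker.io, or only look like it does? The following Python is an added illustration written for this post, not code from Brinztech or CoinTracker. It assumes only that cointracker.io is the legitimate domain (as stated above); the function names, the lookalike patterns and the sample email text are constructed for the example. It rejects the usual tricks found in credential-phishing mail: a trusted name used as a subdomain of another site, a trusted name placed in the userinfo part before an `@`, hyphenated or alternate-TLD lookalikes, non-HTTPS links, and non-ASCII (homoglyph) hostnames.

```python
import re
from urllib.parse import urlsplit

# The only domain a genuine CoinTracker link should point at (from the post above).
TRUSTED_DOMAIN = "cointracker.io"

# Constructed sample: a phishing-style message body with one genuine and three deceptive links.
SAMPLE_EMAIL = """\
Dear customer, your tax status needs verification.
Re-connect your wallet here: https://cointracker.io.verify-portal-example.com/login
Or sign in at https://cointracker.io@account-check-example.net/
Alternatively use http://cointracker-io.com/tax
Official help centre: https://www.cointracker.io/help
"""

_URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def is_trusted_link(url: str) -> bool:
    """Return True only if url is an HTTPS link whose host is cointracker.io
    or a subdomain of it. Anything else is treated as untrusted.
    (Hypothetical helper written for this example.)"""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        # Malformed URLs (e.g. bad IPv6 brackets) are never trusted.
        return False
    if parts.scheme.lower() != "https":
        return False
    # .hostname strips userinfo ("user@"), the port, and lowercases the host,
    # so "https://cointracker.io@evil.example/" yields "evil.example".
    host = parts.hostname
    if not host:
        return False
    host = host.rstrip(".")
    # Internationalised lookalikes (Cyrillic 'а' for Latin 'a', etc.) are rejected outright.
    if not host.isascii():
        return False
    # Exact match or a true subdomain; "cointracker.io.evil.example" fails this test.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def triage_email_links(body: str) -> list:
    """Extract every http(s) URL from an email body and label it
    'trusted' or 'untrusted'. Returns a list of (url, verdict) tuples."""
    return [
        (url, "trusted" if is_trusted_link(url) else "untrusted")
        for url in _URL_RE.findall(body)
    ]


if __name__ == "__main__":
    for url, verdict in triage_email_links(SAMPLE_EMAIL):
        print(f"{verdict:9}  {url}")
```

Only the last link in the sample is accepted; the first three each pass a casual glance because the string "cointracker.io" appears in them. The same logic applies to any brand a phishing campaign impersonates: compare the parsed hostname, never the raw text of the link.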
Secure Your Business with Brinztech — Global Cybersecurity Solutions Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com