In brief

  • An ex-employee has stolen KYC data from 8,000 Digitex users.
  • Digitex is a crypto futures trading platform, which denied the leak.
  • Several documents have already been released in a Telegram group.

A disgruntled ex-employee has started posting personal data stolen from crypto futures exchange Digitex, in a Telegram channel today—confirming a massive data breach. The data haul reportedly includes know-your-customer (KYC) documents, including passport photos and driving licenses, for 8,000 of Digitex’s users.

“Digitex Futures is aware of momentum gaining on Telegram about a further leak of confidential data. We are not able to comment on the incident at this time and are currently seeking legal counsel. We would like to apologize for any distress or inconvenience caused and assure you that we are doing everything in our power to rectify the situation,” Digitex said in a statement today.

Digileaker has revealed passport data of three users. Image: Shutterstock.

The leak was first revealed in February. At the time, Digitex CEO Adam Todd said that only emails had been stolen and blamed a former employee, but did not mention his name. But the new documents are strong evidence that the leak did, in fact, happen.

“He was on team phone calls, hearing a lot of confidential information. When you have someone like that working against you, it’s very difficult,” Todd stated, at the time.

What has the Digileaker revealed so far?

So far, three documents have been revealed including the date that they started using the exchange and their corresponding emails. Some of the details have been obscured.

The self-proclaimed “Digileaker” said, in the Telegram channel, “I have the entire kyc documentation of every single user who has used the Digitex Treasury from it’s (sic) inception date until today.”

In a conversation with a pseudonymous crypto scam hunter known as CryptoVigilante—who runs a Telegram channel dedicated to raising awareness of misdeeds in the community, the Digileaker explained how the data was taken.

"The data came from a login that Digitex setup when they registered with Sum and Substance [a KYC provider]. This login with a username, password and 2FA gives unrestricted access to all the KYC information of 8000+ customers including documents, address, phone numbers and other information like IP address,” he said.

The Digileaker did not confirm that he was, indeed, an exmployee. “Who shall we blame this time? A former advisor? A former employee? Spotware? The Dublin team? A master hacker? The pet cat? Arthur Hayes? Stay tuned!” he wrote.

Decrypt has reached out to both Digitex and the Digleaker and will update this article if we hear back from them.