In brief

  • The hacker who breached Digitex claims he’s not an ex-employee.
  • Digitex confirms the leak of over 8,000 users’ KYC data.
  • Data leaks have been happening for months, the hacker states.

Adam Todd, the CEO of crypto futures trading platform Digitex, has acknowledged the massive data breach of personal data for up to 8,000 of its users, blaming a disgruntled ex-employee.

“At that point, we were only aware of the email data that had been taken. With the second breach, however, it is our great regret to say that sensitive data was compromised,” Digitex said, in a statement today, adding, “Again, it was not a hack but orchestrated by the same person as the previous leak.”

As the details were slowly leaking out on Telegram, Decrypt reached out to the hacker and asked him what really happened. As it turned out, the “Digileaker” claims he’s not even an investor, let alone a resentful ex-staff member.

The hacker, who wished to remain anonymous, told Decrypt that while the aforementioned ex-employee might actually exist, he has absolutely nothing to do with the security breach.

“I am not an ex-employee or contractor or somebody else from Adam or Digitex’s past who he can lay the blame on as he has done on many occasions. [...] If they think I am an ex-employee, it points out that they have no idea or clue about how it happened and that worries me. But it is not a problem for me, I am safe,” he said.

Backing up his story, the latest leaked passport photo was dated March 1—well over two weeks after the alleged ex-employee was reportedly cut off from Digitex’s system.

The blame game

According to the Digileaker, he was following Digitex’s development for a long time—not investing in it, but rather interested in the technical side of the platform. For example, he was intrigued by the white paper promising non-custodial balances at some point in the future.

As for what the motive for the breach was, the Digileaker noted that after two years since Digitex’s initial coin offering (ICO), “they have had countless failures on the road,” yet the company allegedly always blamed third parties for the bumps.

Answering about the exact method of the hack and whether users of Digitex Treasury remain subject to some other risks, the Digileaker said that he has not tried any other attack vectors and is not sure what other data Digitex holds on their customers’ past or present.

“I cannot say exactly for now as I’m interested to see if they are capable of addressing their weak spots,” he said, adding, “Their customer data is safe with me, for now. We will see what unfolds.”

Todd recently claimed that the documents couldn’t have been hacked because they were sent directly to Digitex’s KYC provider. The Digileaker disagreed, claiming he downloaded all the documents directly from Digitex’s server since compromising any of the KYC provider’s systems “would be virtually impossible.”

Today, the Digileaker wrote in his Telegram channel: “Finally they seem to have closed off access, it only took a few days. You should be safe doing KYC now.”

With crypto projects under scrutiny for not being transparent enough, it’s ironic that black hat hackers are the ones solving the problem.