Menu
Browse

Cyber Threat Actor: Digileaker

Actor Type Location Known Incidents
 Icon
Insider - Disgruntled
Namibia
1 incident
Profile

Digileaker is an alias usedby a former employee of the cryptocurrency derivatives exchange Digitex, who is known to be based in Namibia. The actor gained notoriety in February 2020 after stealing and leaking Know‑Your‑Customer (KYC) documentation belonging to over 8,000 Digitex users, including passport scans, driver’s licenses, addresses, phone numbers and IP addresses. The breach began with the hijacking of Digitex’s Facebook account to disclose user email addresses, followed by the release of full KYC records on the Telegram platform. Digileaker claimed to possess the complete KYC dataset for every user who had interacted with Digitex’s treasury service since its inception and stated that the access was obtained through login credentials acquired when Digitex registered with its KYC provider Sum and Substance. The actor subsequently posted demands on Telegram, indicating an attempt to extort the exchange by threatening to release additional data unless certain conditions were met, which points to a financially motivated objective rather than espionage or disruption.

The threat actor’s tactics, techniques and procedures are limited to credential abuse and social media account manipulation, as no malware or custom tooling is referenced in the available reporting. Initial access was achieved by exploiting legitimate credentials from a third‑party KYC provider, allowing unrestricted retrieval of stored customer data. Exfiltration and distribution occurred via Telegram channels, while the initial publicity stunt involved compromising the exchange’s official Facebook account. No public attribution links Digileaker to a state sponsor, criminal consortium or larger hacking group; the actor is described solely as an individual with an insider position and a personal grievance against Digitex. The Digitex incident remains the only publicly documented operation associated with this alias, serving as a representative example of insider‑threat data theft and extortion targeting a financial‑technology service in the cryptocurrency sector.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source