Menu
Browse

Cyber Threat Actor: SafeMoon Hacker

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

Thethreat actor known by the alias SafeMoon Hacker is publicly associated with a single cybersecurity incident that occurred in early 2023. Open‑source reporting identifies the actor’s location as the United States of America, though no further personal or organizational details have been disclosed. The alias itself appears in connection with a breach affecting Consensys, the company behind the MetaMask cryptocurrency wallet, and no other aliases or affiliations have been attributed to this actor in publicly available sources.

In the reported incident, the actor gained unauthorized access to a third‑party system that handled customer support requests for MetaMask. This access allowed the actor to view and potentially exfiltrate email addresses and other personally identifiable information belonging to roughly seven thousand users. The breach persisted over several months, with customer complaints submitted during the affected period being compromised. Consensys confirmed that the actor did not exploit MetaMask’s core blockchain infrastructure, limiting the impact to the support‑ticket database and associated user contact details. The source of this information is a Databreachtoday article that outlines the timeline and scope of the compromise.

No additional campaigns, malware families, tooling styles, or strategic objectives have been publicly linked to SafeMoon Hacker, and no state nexus or criminal consortium affiliation has been established. Consequently, the actor’s known activity is confined to the aforementioned unauthorized access event targeting a cryptocurrency‑related support system. Without further evidence, any description of broader targeting patterns, motives, or capabilities would be speculative and is therefore omitted. The only confirmed fact remains the February 2023 breach of Consensys’ third‑party support platform.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources