Cyber Incident Victim: Digitex
Date: Feb 2020
Location: Seychelles
Summary
A cryptocurrency derivatives exchange experienced a significant internal security breach when a former employee stole and leaked sensitive Know-Your-Customer documentation, including passport scans, driver's licenses, addresses, phone numbers, and IP addresses, affecting over 8,000 users. The perpetrator, who accessed the data through credentials from a third-party KYC provider, initially hijacked the company's Facebook account to disclose user email addresses before escalating to leaking full KYC records on Telegram. While the firm confirmed the breach was orchestrated internally and sought legal counsel, conflicting reports emerged regarding the extent of exposed data—with the attacker claiming possession of all user records but sources indicating only limited information had been publicly released at the time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Digitex incident began on or around February 10, 2020, when a former employee hijacked the cryptocurrency derivatives exchange’s Facebook account to publicly disclose users’ email addresses. In a blog post published the same day, Digitex confirmed this was an internal security breach perpetrated by a "scheming and highly manipulative ex-employee," assuring customers that only email addresses had been exposed with no other sensitive information gathered or released. The Seychelles-based exchange characterized the breach as an isolated internal issue rather than an external cyberattack.

The situation escalated weeks later when the same individual, self-identified as "Digileaker," began leaking stolen Know-Your-Customer (KYC) documents on Telegram, claiming possession of the entire KYC documentation for every user of Digitex Treasury since its inception. The perpetrator asserted access to passport scans, driver's licenses, addresses, phone numbers, and IP addresses for over 8,000 customers, allegedly obtained through login credentials from Digitex's third-party KYC provider Sum and Substance.

Digitex issued a statement acknowledging the data leak as an "internal security breach orchestrated by an ex-employee with a conflict of interest," but declined further comment while seeking legal counsel. Conflicting reports emerged regarding the breach's scope, with one source claiming only three IDs had been leaked despite the perpetrator's possession of all data, while Digileaker threatened to release additional documents unless demands were met.

The incident exposed significant vulnerabilities in Digitex's internal controls and third-party vendor management, particularly regarding access to sensitive customer verification data. Impacts included potential identity theft and financial fraud risks for affected users, compounded by the perpetrator's prior demonstration of capability through the email address disclosure. Digitex's reputation suffered due to contradictory accounts about the breach severity and delayed transparency, while operational disruptions occurred as the company engaged legal teams to address the crisis. The full extent of compromised data remained unverified as of the last reported developments.
