
Cyber Incident Victim: Trident Crypto Fund

Date: Feb 2020

Location: Russia

Summary

A major data breach at Trident Crypto Fund compromised usernames, encrypted passwords, email addresses, phone numbers, and IP addresses of over 266,000 customers, with the stolen database later published on file-sharing platforms. Hackers subsequently decrypted nearly 120,000 passwords, exposing affected accounts to unauthorized access and potential theft of funds. Approximately 10,000 Russian citizens were impacted by the incident, a significant personal data leak for that nation's crypto investors. The event reflected broader trends of increasing sensitive information exposures within cryptocurrency platforms.


Description

On February 20, 2020, a database containing sensitive customer information from Trident Crypto Fund was stolen and subsequently published across multiple file-sharing websites. The compromised data included usernames, encrypted passwords, email addresses, cellphone numbers, and IP addresses belonging to over 266,000 customers. Cybersecurity firm DeviceLock's technical director Ashot Oganesyan confirmed the breach through statements to Russian news outlet IZ, noting the dataset's availability on public platforms. Within days of the initial leak, hackers successfully decrypted approximately 120,000 of the stolen passwords and published them in cleartext. This escalation significantly increased risks for affected customers, as threat actors could potentially use the credentials to gain unauthorized access to Trident Crypto Fund accounts and manipulate or withdraw digital assets. The breach represented one of the largest known security incidents targeting cryptocurrency investment platforms at the time, with particular implications for Russian users.


Approximately 10,000 Russian citizens had their personal information exposed in the breach, which Oganesyan described as the first major leak specifically impacting Russian cryptocurrency investors. While acknowledging that crypto exchange breaches occurred frequently, he emphasized the unprecedented scale of Russian user data compromise in this incident. The breach coincided with a broader trend of increasing data exposures across cryptocurrency platforms, as illustrated by Digitex exchange's decision to eliminate KYC verification processes following its own user data leak in the preceding month. Historical precedents included Binance's August 2019 disclosure that a third-party vendor had exposed KYC documents for an undisclosed number of users. The Trident breach demonstrated vulnerabilities in credential storage practices within crypto financial services, with encrypted passwords ultimately failing to prevent widespread account compromise when decrypted by attackers. No public statements from Trident Crypto Fund regarding containment measures or customer notifications were documented in available reports at the time of disclosure.
