Canadian Firm Coinsquare Confirms Data Breach
- Canadian crypto exchange Coinsquare noted an “unusual activity” on the platform on Nov. 19 and withdrawals, deposits were all halted for a few days as customers grew anxious.
- “A bad actor” was able to implement a data breach which resulted in a leak of “customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances.”
- The firm issued a warning against fake Coinsquare profiles that have been created to cheat customers.
- The platform was fully live on Nov. 26 following a network upgrade and crypto and fiat deposit and withdrawals are also being processed normally.
- Customer funds are all safe and backed in a 1:1 ratio in cold storages and the password of the storage remains protected.
Following the collapse of multiple crypto firms, including FTX, customers and investors have grown very concerned about their data and their hard-earned money, which are stored in exchanges. Another piece of bad news comes from Canadian crypto exchange Coinsquare, adding to the stress that existing crypto investors are facing.
In October, Coinsquare became Canada’s first crypto trading platform registered as an IIROC dealer and marketplace member but the success of the firm failed to keep up with its security features. On Nov. 19, the firm announced via Twitter that the developers have detected an “unusual activity” on the platform and as a result, an unscheduled maintenance period took place.
Coinsquare emphasized that none of the funds belonging to its clients have been lost and they are backed safely in cold storages in a 1:1 ratio. In order to show transparency to its customers, the exchange took help from Nansen, a leader in blockchain analytics, and shared its cold wallet holdings securely so that anomalies can be rectified.
While customers’ assets were safe and secure, the withdrawals and deposits were halted to prevent a potential security breach. However, the platform was up and running on Nov. 20 and trading, user balances, fiat withdrawals, and deposits were all reactivated for each and every user of the major Canadian exchange.
On the very next day, the developers brought back transaction history, crypto withdrawals, and deposits for all the customers after a brief testing period.
“Full service has been restored on web and mobile, including fiat and crypto deposits/withdrawals. We thank you for your patience throughout the day and continued support,” said Coinsquare in a Twitter post on Nov. 26.
The firm also warned against fake Coinsquare profiles that have been created to cheat customers.
In an email sent to customers on Nov. 26, Coinsquare confirmed that “a bad actor” was responsible for a data breach, but the funds remain safe. As per the email, the breach exposed “customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances.”
The breach was revealed to customers earlier but it was not revealed via Twitter that crucial customer data has been leaked. However, the email from Coinsquare revealed that “no passwords were exposed.”
“We have no evidence any of this information was viewed by the bad actor,” the email stated.
A network upgrade was also implemented in order to prevent further data breaches and remove the access of the bad actor. A network issue was countered following the upgrade, but the team successfully rectified the network issue a few hours later.