French authorities open investigation after massive data leak at Waltio

Crypto data security is faltering once again. The French platform Waltio, specializing in tax declarations, was the victim of a massive leak of sensitive information. In response, an investigation was opened by the French authorities, mobilizing the National Gendarmerie. This incident revives concerns about the vulnerability of crypto-related services, including those outside the blockchain. As the use of tax tools becomes more widespread, user confidence is put to the test.

A targeted attack on users’ tax data

In a press release published on January 23, the company Waltio admitted to having been the victim of unauthorized access to certain user data, while physical attacks against actors in the crypto universe are increasingly common in France.

The incident, which occurred following a hack, allowed a malicious actor to exfiltrate data from tax reports generated in 2023, relating to the 2022 tax year. Waltio precise that “the elements exposed are only email addresses and aggregated data from tax reports (balances, capital gains, capital losses, etc.)”. The company claims that passwords, API keys, detailed transactions, banking data and wallet addresses “have not been compromised”.

Here is the main information confirmed at this stage:

• The type of attack: this involves illegal access to files generated by the platform, without intrusion into the central system or compromise of the servers;
• The data exposed: email addresses, portfolio balances, aggregate capital gains and losses;
• Uncompromised data: passwords, API keys, banking information, crypto wallet addresses, detailed transactions;
• The official reaction: the opening of a preliminary investigation by the Paris prosecutor's officeentrusted to the National Cyber ​​Unit of the Gendarmerie;
• The potential author: several technical elements suggest an action by the ShinyHunters hacker group, without official confirmation yet.

The government site Cybermalveillance.gouv.fr quickly relayed the alert, recalling that “sensitive personal data linked to cryptos may have been exfiltrated”. The authorities emphasize the importance of caution for the users concerned, particularly with regard to unsolicited contacts, even issued under the cover of official authorities.

Risks of usurpation and cascading targeted scams

Beyond the leak itself, the French authorities are now warning of the secondary risks arising from this compromise.

Cybermalveillance.gouv.fr indicates that the stolen information could be used to “usurp the identity of victims in order to extract money, data or access to their digital wallets”. The site also highlights the existence of fraudulent contact attempts, coming from people posing as public officials or representatives of security services, in order to trap users of crypto products, in particular bitcoin.

Recommendations published by the authorities emphasize the importance of never disclosing recovery phrases, passwords or security codes, even in the event of an urgent request. Users are also invited to strengthen the security of their email, the main contact vector used in this type of attack. The CNIL has been informed of the incident and may be required to comment on possible responsibilities in terms of data protection.

This leak highlights the fragility of intermediary players in the crypto ecosystem, at a time when transparency requirements are intensifying with MiCA. As regulation progresses, data security becomes a major issue to preserve user confidence and prevent these incidents from multiplying.