Phishing Fears Emerge as Sensitive Data from Crypto Event Attendees Sold Online

Phishing Fears Emerge as Sensitive Data from Crypto Event Attendees Sold Online

A growing security concern has emerged within the cryptocurrency industry, as sensitive information from attendees of major crypto conferences is being sold online. The data, often packaged as "marketing and promotion" materials, represents a potential goldmine for scammers and malicious actors seeking to exploit personal details for fraudulent activities, including phishing attacks.


The compromised lists reportedly contain a wide range of sensitive information, including full names, phone numbers, nationalities, job roles, companies, and social media links—both personal and business-related. In some cases, the data extends to even more detailed information, such as attendees’ ticket purchase dates, ticket types, the operating system used during the purchase, social media follower counts, crypto wallet addresses, and messages exchanged with event organizers. This information is typically collected through event registration forms used at conferences and side events, with platforms like lu.ma, which require links to social media accounts, commonly facilitating data gathering.


Recent investigations revealed that such lists are being traded on platforms like Telegram, where a seller shared samples of data containing information on attendees from various crypto events. Each sample, consisting of between 60 and 100 participants, appeared to be sourced from multiple events, most of which took place in the fall of 2024. The attendees, based primarily in Southeast Asia and India, had their phone numbers included in the lists, suggesting a coordinated international effort to collect and resell this data.


One of the most valuable pieces of this data trove was a list of 1,700 attendees from the November 2024 AIBC conference in Malta. The seller initially priced the list at nearly $4,000 but dropped the asking price to $650 after a few days. The seller, who claimed the data was “exclusive and insider information,” suggested that the proceeds would be used to purchase more lists from other events like Coinfest and DevCon. The data was marketed with the rationale that it was "not sensitive information," and the seller implied that most people are "open to such marketing."


Although the identity of the seller remains anonymous, there are signs suggesting that they are based in Russia. This conclusion is drawn from Russian-language elements in the data files and AI analysis of the seller’s writing style. The seller appeared to be a reseller of the data rather than the original compiler, suggesting a well-organized international trade in blockchain event attendee information.


The impact of this data leak could be far-reaching. With access to detailed personal information, scammers can engage in targeted social engineering attacks, such as phishing attempts, malicious links, and other fraudulent schemes. Crypto event attendees are particularly vulnerable, as the data can be used to create convincing fake communications from event organizers or other trusted sources.


Eman Pulis, founder of the AIBC conference, responded to inquiries from Cointelegraph, expressing concern over the breach. Pulis confirmed that the event has strict protocols in place to prevent data leaks and stated that many of the databases being sold are likely fraudulent. He emphasized that similar databases, including those of AIBC’s competitors, are often offered for sale, but their authenticity is often questionable.


While the full extent of the data breach remains unclear, the sale of such lists highlights an emerging risk within the cryptocurrency community. As these events continue to collect large volumes of sensitive data, attendees should be cautious about sharing personal information on event registration forms and remain vigilant for phishing attempts or other malicious activities targeting them online.

Disclaimer: The content on this website is for informational purposes only and does not constitute financial or investment advice. We do not endorse any project or product. Readers should conduct their own research and assume full responsibility for their decisions. We are not liable for any loss or damage arising from reliance on the information provided. Crypto investments carry risks.