- Waltio, that courteous clerk of cryptic paperwork, found itself in the clutches of the Shiny Hunters, and the breach-oh, the breach-may have leaked the data of nearly 50,000 crypto users.
- Among the pilfered trove were email addresses and transaction histories, which means the victims are now at risk of phishing and identity theft-nice souvenirs, if you ask the thieves.
- On the bright side, Waltio’s read-only API keys keep the treasury safe; funds on connected exchanges remain unbreached, like pearls in a locked locket.
In the week just past, whispers rose that Waltio-the popular crypto tax concierge-had suffered a major data breach.
This episode promptly revealed itself as an extortion racket, as a notorious hacker collective asserts that sensitive financial information has been filched from a gargantuan database.
The incident reveals a creeping peril for investors who rely on third-party tools to tame their crypto tax dragons.
The Waltio Data Breach
As noted, Waltio came under the gaze of a hacking group known as the Shiny Hunters. According to reports, this gang boasts a résumé that reads like a rogues’ gallery of cyber marauders-tech behemoths and retail empires among its trophies.
In the Waltio breach, the attackers are said to have gained access to a database containing the records of almost 50,000 users. Even more galling, some of the stolen data includes email addresses, account balances, and detailed transaction histories.
These are precisely the threads needed to trace a person’s coins along the blockchain’s labyrinth.
The hackers are actively demanding a ransom and have threatened to leak the information publicly or sell it on the dark web if the company does not comply.
Why Tax Platforms Are Main Targets
Waltio serves as a courteous crypto assistant for more than 60,000 users in France and beyond, helping to calculate capital gains and conjure forms for the tax authorities.
Clients connect their exchange APIs or upload wallet addresses; the tool collects this information and stores it in a database.
And although Waltio cannot move funds for its users, the information itself is priceless-priceless in the eyes of criminals, at least.
When criminals know exactly how much Bitcoin or Ethereum a user holds, as well as a roadmap to all their addresses, they can mount highly targeted spear-phishing campaigns.
They might send an email that looks like a tax notice and is tailored to the user’s holdings. This leak could even lead to physical threats against wealthy individuals, as has tragically occurred across Europe over the past year.
🚨 Armed teenagers carried out a violent “wrench attack” on high-profile Twitch and OnlyFans creator Kaitlyn ‘Amouranth’ Siragusa earlier this year, breaking into her home, pistol-whipping her, and demanding access to her Bitcoin after being misled by her online posts about…
– Subjective Views (@subjectiveviews)
Differences Between Data and Asset Security
Users must grasp that data and actual funds are not the same thing. Depending on the platform’s operation, your crypto may be shielded from direct theft.
Waltio uses “read-only” API keys, meaning the software can view trades but cannot execute “send” or “withdraw” commands. In other words, a hacker inside the Waltio system cannot drain anyone’s Binance or Coinbase account.
However, their identity is what is at risk here. The breach now has emails, tax residency, and the total wealth of thousands of users.
Even users with hardware wallets synced to the tax software now find their information exposed.
Read More
- VCT Pacific 2026 talks finals venues, roadshows, and local talent
- Lily Allen and David Harbour ‘sell their New York townhouse for $7million – a $1million loss’ amid divorce battle
- EUR ILS PREDICTION
- Will Victoria Beckham get the last laugh after all? Posh Spice’s solo track shoots up the charts as social media campaign to get her to number one in ‘plot twist of the year’ gains momentum amid Brooklyn fallout
- Vanessa Williams hid her sexual abuse ordeal for decades because she knew her dad ‘could not have handled it’ and only revealed she’d been molested at 10 years old after he’d died
- Dec Donnelly admits he only lasted a week of dry January as his ‘feral’ children drove him to a glass of wine – as Ant McPartlin shares how his New Year’s resolution is inspired by young son Wilder
- SEGA Football Club Champions 2026 is now live, bringing management action to Android and iOS
- The five movies competing for an Oscar that has never been won before
- Streaming Services With Free Trials In Early 2026
- Binance’s Bold Gambit: SENT Soars as Crypto Meets AI Farce
2026-01-24 08:17