Concretely, what data was obtained by the attackers?
The data accessed by the attackers is strictly limited.
It consists of:
the user's email address
the gain or loss for the year 2024
the balance per cryptocurrency used for the tax calculation as of December 31, 2024
This data is used exclusively for capital gain tax calculations.
There was NO access to:
transaction history
transaction details
public wallet addresses
private keys
public keys
API keys
identity documents
first names, last names, phone numbers (unless this information was present in emails)
postal addresses
IBANs or banking data
credit card data
No data enabling fund transfers or wallet access was compromised.
Is this breach related to Web3 or the blockchain?
No. The data concerned does not come from the blockchain itself, nor from a Web3 protocol.
It consists of data stored in a traditional application environment, used to produce tax reports. The blockchain was not attacked.
Why wasn't the incident detected sooner?
The incident was discovered on Wednesday, January 21, 2026 in the morning.
The discovery did not come from a standard system alert, but from a direct contact by an attacker who informed us of a database, providing a sample to prove access.
Upon receiving this sample, we immediately confirmed the incident, triggered our security procedures, and filed a complaint.
Prior to this, we had not identified any clear trace of massive data extraction, which indicates a targeted and sophisticated attack.
Was this related to the incident mentioned on December 24, 2025?
The file presented on 12/24 referencing 5,000 potential Waltio accounts, present in this post: https://x.com/LeBunkerBtc/status/2003541777291129035
We confirm that this file has absolutely no connection to Waltio's database, as presented in this post: https://x.com/pierre_morizot/status/2003787567813071069
The incident in Dompierre, Charente Maritime, is also not related to this incident.
Are my cryptos at risk?
There is no risk of fund loss related to this incident.
The attackers have no access to any technical element enabling them to:
access your wallets
sign transactions
interact with your accounts on exchange platforms
What are the concrete risks for users today?
The risk of scams is the main risk linked to this data breach.
Phishing attempts may occur through:
fraudulent emails
phone calls
fake customer services
fake police officers
fake security services
fake partners (e.g., well-known exchange platforms)
The attackers use the fact that they know your email address and an approximate estimate of your assets to gain credibility.
Important reminders:
no legitimate customer service will ever ask for a key, a recovery phrase, or a fund transfer
the police never ask you to secure your cryptos over the phone
What can you concretely do to protect yourself?
Recommended immediate measures:
Change the email address used for crypto services. Ideally: a dedicated email, without your name, used exclusively for these services
Check whether your email or phone number is already exposed in other public data breaches
Be extremely vigilant about incoming calls. Never call back a number provided by an unsolicited contact.
Reduce your digital footprint
limit personal information visible online
avoid any public exposure of assets
separate personal identity and crypto usage
These are good practices valid for everyone, regardless of this incident.
Are you minimizing the severity of the incident?
No.
This is a serious security incident.
Our role is neither to dramatize nor to trivialize, but to explain precisely:
what was exposed
what was not
what the real risks are
how to protect yourself concretely
Transparency is essential, especially in this type of situation.