Concretely, what data was obtained by the scammers?
The data accessed by the attackers is strictly limited. It includes:
The user's email address
The gain or loss for the year 2024
The balance per cryptocurrency used for tax calculation as of December 31, 2024
This data is used exclusively for capital gains tax calculations. There was NO access to:
Transaction history
Transaction details
Public wallet addresses
Private keys
Public keys
API keys
Identity documents
Names, first names, phone numbers (unless this information is present within the email addresses)
Postal addresses
IBANs or banking data
Credit card data
No data allowing the movement of funds or access to wallets was compromised.
Is this leak linked to Web3 or the blockchain?
No. The data in question does not come from the blockchain itself, nor from a Web3 protocol. It is data stored in a traditional application environment, used to produce tax reports. The blockchain was not attacked.
Why wasn't the incident detected sooner?
The incident was discovered on the morning of Wednesday, January 21, 2026. The discovery did not come from a standard system alert, but from direct contact by an attacker who informed us of a database, providing a sample to prove access. Upon receipt of this sample, we immediately confirmed the incident, triggered our security procedures, and filed a complaint. Before this, we had not identified any clear trace of massive data extraction, which indicates a targeted and sophisticated attack.
Was this related to the incident mentioned on December 24, 2025?
Regarding the file presented on 12/24 referring to 5,000 potential Waltio accounts, present on this post: https://x.com/LeBunkerBtc/status/2003541777291129035
We confirm that this file indeed has no link to the Waltio database as presented in this post: https://x.com/pierre_morizot/status/2003787567813071069 Furthermore, the incident in Dompierre, Charente Maritime, is not linked to this incident.
Are my cryptos in danger?
There is no risk of loss of funds linked to this incident. The attackers do not have access to any technical elements allowing them to:
Access your wallets
Sign transactions
Interact with your accounts on exchange platforms
What are the concrete risks for users today?
The risk of scams is the main risk associated with this data leak. Phishing attempts may occur:
Fraudulent emails
Phone calls
Fake customer support
Fake police officers
Fake security services
Fake partners (e.g., known exchange platforms)
Attackers use the fact that they know your email and the order of magnitude of your wealth to gain credibility. Important to remember:
No serious customer service will ever ask for a key, a recovery phrase, or a transfer of funds.
The police never ask to secure cryptos over the phone.
What can be done concretely to protect oneself?
Immediate recommended measures:
Change the email address used for crypto services. Ideally: a dedicated email, without name or surname, used only for these services.
Check if your email or number is already exposed in other public leaks.
Be extremely vigilant regarding incoming calls. Never call back a number communicated by an unsolicited caller.
Reduce your digital footprint:
Limit personal information visible online.
Avoid any public exposure of wealth.
Separate personal identity and crypto usage.
These are good practices valid for everyone, independently of this incident.
Are you minimizing the gravity of the incident?
No. This is a serious security incident. Our role is neither to dramatize nor to trivialize, but to explain precisely:
What was exposed
What was not
What the real risks are
How to protect oneself concretely
Transparency is essential, especially in this type of situation.