Cointelegraph obtained data set samples packed with sensitive information of crypto conference attendees that could be a treasure trove for scammers.
News
Lists packed with sensitive information on crypto industry event attendees are being sold under the guise of “marketing and promoting and finding clients,” which presents a potential data gold mine for scammers and malicious actors.
The lists can contain information such as full names, phone numbers, nationalities, job roles, and companies, along with personal and business social media links.
Some even include the attendees’ ticket purchase date, ticket type, the operating system used for making the purchase, social media follower counts, crypto wallet addresses, and messages typed into a text field sent to event organizers.
Information like this is typically collected through event registration forms at conferences or side events. Recently, events using platforms such as lu.ma to issue tickets commonly require links to specific social media accounts before accepting applications.
Cointelegraph obtained “samples” of such lists from a seller over Telegram, which included four lists of about 60 to 100 participants, which appeared to derive from multiple events, and each contained different data points on the attendees.
The events appear to have taken place mostly in the fall of 2024, and attendee phone numbers suggest the events took place in different countries — primarily in Southeast Asia and India.
A single seller having access to lists from multiple countries suggests that rather than an isolated incident, there is an organized international trade for blockchain event attendee data.
The lists appear to be the tip of the iceberg — images of additional samples purportedly connected to Blockchain Fest and Devcon were also shared.
Cointelegraph is not suggesting the organizers or staff of major events are involved in the trade, as hundreds of side events at conferences also collect similar details.
Of specific value was an apparent list of 1,700 attendees at the November 2024 AIBC conference in Malta. The asking price for the list, which the seller said would be distributed to “only a few persons,” was nearly $4,000, but was later dropped to $650 after a few days.
“This datas very insider and exclusive information.”
The seller claimed that sales proceeds would be used to purchase additional lists from other events, namely from Coinfest and DevCon, for which they shared database screenshots.
The seller was seemingly acting as a reseller of the data and, though anonymous, both the seller and compiler of the data appear to be Russian — evidenced by one of the sample data set’s tabs titled “List2” in Russian and an AI analysis of the seller’s writing pointing to a Russian native speaker.
The seller even attempts to justify the sale of the “not leaked” data, claiming that it is “not sensitive information” and that “most people are open to such marketing.”
Related: Crypto thieves score big on centralized services, private keys in 2024
The information could greatly help social engineering scammers target those on the lists with malicious links and phishing attempts to drain their crypto wallets.
AIBC founder Eman Pulis wanted to know how large the list was when Cointelegraph asked for comment and said the event has “very strict protocols against data breaches.” Pulis added that many similar databases are fraudulent and that “we get offered databases of our competitors all the time.”
The full database cannot be verified, but the seller offered to cross-validate their data against any known AIBC attendee.
“AIBC if you know anyone who was there ,I can prove reality ,give me surname and I will find the person.”
Though it is not clear where the data is coming from, it is clear that lists of this type are sought after by unscrupulous actors, and attendees should be aware of the risks of entering personal data in online forms.
Magazine: Legal issues surround the FBI’s creation of fake crypto tokens
This article first appeared at Cointelegraph.com News