French cryptocurrency tax platform Waltio has confirmed a significant security breach, with the notorious hacker collective ‘ShinyHunters’ claiming responsibility for the theft of approximately 50,000 user records. The attackers have issued a ransom demand, threatening to release sensitive financial data if payment is not made.
The breach, first reported by Le Parisien, exposes a highly specific vector for criminals: a curated list of tax-compliant crypto holders and their declared asset balances.
The Data Exposure
According to the filing lodged with the Paris Public Prosecutor’s cybercrime division (Section J3), the compromised data includes user email addresses and portfolio valuation details from the 2024 tax year. While Waltio has stated that API keys, passwords, and bank details remain secure, the leaked combination of identities plus asset values creates a “target list” for sophisticated extortion.
The leaked data reportedly links real-world identities to specific crypto wealth brackets, bypassing the anonymity usually afforded by blockchain addresses.
Institutional Context: The ‘Wrench Attack’ Risk
This breach arrives during a period of heightened alert in France. The disclosure of physical identities associated with high-value crypto portfolios feeds directly into the rising trend of violent home invasions, known colloquially as “$5 wrench attacks.”
French authorities have recently investigated multiple kidnappings targeting crypto executives, including a violent incident in Verneuil-sur-Seine earlier this month. Security experts warn that a database of declared crypto wealth is arguably more dangerous than a private key leak, as it facilitates physical social engineering and targeted coercion.
Phishing Vector
The immediate digital threat involves high-fidelity phishing. With access to tax data, attackers can impersonate French fiscal authorities (DGFiP), claiming discrepancies in 2024 declarations to solicit immediate “fine” payments or credential resets. Waltio has advised users that it will never request passwords or payments via email.
