Data of millions of Vietnamese investors on virtual currency app leaked

A hacker has put up for sale the data of millions of users of ONUS, one of the most popular cryptocurrency investment applications developed by Vietnamese.

The information was posted on R *** forums, where hackers often exchange and share data. Previously, many cases of data breaches were revealed on this site.

According to a post from an account called “vndcio” created in December 2021, the hacker broke into the Goonus.io server, the official website of ONUS and obtained data from about 2 million users of ONUS.

The data includes name and surname, email, all the information of the identity card, photograph and video of the victims’ faces. These are the data used for eKYC (electronic authentication) of ONUS users.

To prove it, the hacker provided detailed information about identity cards, passports and authentic videos of some victims who are users from Vietnam, India and Indonesia. All information was shared in the form of unencrypted images and videos.

According to the hacker, after exporting the data, he deleted the files stored on the ONUS server. As a result, the app developer lost his user’s eKYC data. The hacker did not set a price for the data package, but did leave an email.

Data of millions of Vietnamese investors in 'virtual currency' is for sale online

The hacker provided detailed information on authentic identity cards, passports and videos of some victims who are users from Vietnam, India and Indonesia.

The ONUS app, formerly VNDC, was launched on March 23, 2020. After 18 months of operation, ONUS is now one of the most used digital investment apps in Vietnam with over 1.5 million downloads.

About 90% of ONUS users come from Vietnam, and the rest are from Nigeria, India, the Philippines, Indonesia, among others.

Tran Quang Chien, CEO of ONUS, told VietNamNet that several days before the hacker released the information about this case, ONUS had informed its users about the problem. The case was due to the deficiencies of ONUS in updating the patch for the Log4Shell vulnerability, which is considered the most dangerous vulnerability of the decade and was recently discovered.

The Log4Shell vulnerability was found in the log4j file, a file that records the activity (log) of applications. Log4j is used on a wide range of servers around the world. Many large corporations and technology firms such as Alibaba, Minecraft or even Apple, Amazon and Twitter are said to be more or less affected by this vulnerability.

For ONUS, after exploiting this vulnerability, hackers were able to access the configuration information of the data storage system (Amazon S3). The leaked data is part of the customer’s personal information, including name, email address, phone number, KYC data, transaction history, and many other encrypted data. ONUS has already notified our customers and advised them to change their password in the app.

Data of millions of Vietnamese investors in 'virtual currency' is for sale online
Data of millions of Vietnamese investors in 'virtual currency' is for sale online

The hacker provided detailed information on authentic identity cards, passports and videos of some victims who are users from Vietnam, India and Indonesia.

Chien said the company is focusing on reviewing and updating system security to protect users’ rights. According to him, a large amount of data was erased from ONUS and the firm is trying to recover it. However, the operation of the ONUS application is still normal, except that it sometimes becomes overloaded due to the large number of new users.

It stated that users’ digital assets are not affected and the company has agreed to pay 100% compensation if user assets are lost due to security concerns related to the fault of ONUS.

“We have a budget of 5 million dollars to compensate the loss of assets of the users in ONUS. However, we have not received any requests for compensation from users, ”Chien said.

Chien revealed that this app has almost 2 million users, about 80% from Vietnam.

“This incident is a great lesson for ONUS and we will definitely work harder to improve security in our application. The ONUS plan remains unchanged with the goal of helping 10 million people around the world access the Blockchain world, ”he added.

In data

load

Vietnam startup named by Bloomberg

Vietnam startup named by Bloomberg

Vietnam’s digital asset investment platform ONUS has reached 1.5 million people in just 18 months.

.

Leave a Comment