Sensitive data from crypto event attendees is being traded online, presenting a potential goldmine for scammers and malicious actors. Data sets containing highly personal details of individuals who attended blockchain conferences, including full names, phone numbers, social media profiles, job roles, and more. These lists are being sold under the guise of “marketing and promotion,” raising serious concerns about phishing risks.
The Dangers of Data Leaks
The lists, some of which include personal information such as attendees’ ticket purchase dates, ticket types, operating systems used for transactions, social media follower counts, and even crypto wallet addresses, are now being sold to the highest bidder. Some of the most concerning details in these lists include direct messages sent to event organizers, which could potentially be exploited for social engineering attacks.
These data sets are typically collected through event registration forms, which often require attendees to provide personal details, including links to their social media profiles, when applying for tickets to blockchain events. Platforms like lu.ma are often used to manage ticket sales and event registrations, and have been a common source of the data being sold.
Cointelegraph obtained samples of these lists, which were sold via Telegram by an anonymous seller. The samples provided detailed attendee information, including Telegram handles, phone numbers, social media accounts, and even messages typed into text fields for event organizers.
International Data Trade
The lists appear to span multiple countries, with data coming from events primarily held in Southeast Asia and India during the fall of 2024. The fact that a single seller has access to such extensive data across multiple countries suggests the existence of an organized international trade in event attendee information.
Images of additional samples connected to well-known events like Blockchain Fest and Devcon were also shared by the seller. These lists, which appear to come from a variety of blockchain-related conferences, have stirred concerns about the broader scope of the data trade.
While there is no indication that the event organizers themselves are involved in the data leak, Cointelegraph’s investigation suggests that side events and third-party platforms involved in conference management may be responsible for collecting and distributing this information.
High-Value Data for Sale
Of particular concern is a list containing the personal details of 1,700 attendees from the November 2024 AIBC conference in Malta. The initial asking price for this list was nearly $4,000, though it was later reduced to $650 after a few days. The seller, who claims to be a reseller of the data, explained that the proceeds from these sales would go toward purchasing additional attendee lists from other events, such as Coinfest and DevCon.
The seller further emphasized that the data was “exclusive” and “insider information,” marketing it as highly valuable for targeting individuals for future marketing efforts.
Although the seller is anonymous, Cointelegraph’s investigation indicates that both the seller and the compiler of the data appear to be Russian. Evidence for this includes a spreadsheet tab in Russian and an analysis of the seller’s writing, which suggests a native Russian speaker.
Data Used for Phishing and Scams
While the seller tried to justify the sale of the data by claiming it was only for marketing purposes, the risk of phishing attacks and social engineering scams is significant. Scammers can use the information—such as personal phone numbers, job roles, and social media accounts—to impersonate trusted sources and send malicious links, potentially draining victims’ crypto wallets.
The seller attempted to downplay the severity of the data, arguing that “most people are open to such marketing,” despite the clear risks involved in sharing such personal information without proper security measures.
Event Organizers Respond
The founder of AIBC, Eman Pulis, was contacted for comment regarding the data leak. He expressed concern over the situation but emphasized that AIBC has strict protocols in place to prevent data breaches. Pulis added that fraudulent databases are frequently circulated, with AIBC often being offered competitor databases. He acknowledged that verifying the full extent of the database was difficult but assured that many of the data sets being sold are likely fabricated or incomplete.
“Many of these databases are fraudulent, and we get offered them all the time,” Pulis stated. When Cointelegraph asked for more information, the seller offered to cross-validate their list with AIBC attendee data, claiming they could “prove reality” by verifying the list against known attendees.
Increasing Data Security Awareness
While the source of the data leak remains unclear, the incident highlights the growing risks associated with personal data shared through event registration forms, particularly in the crypto and blockchain space. As conferences and other industry events continue to proliferate, it is essential for attendees to be cautious about the personal information they share and to be aware of the risks of phishing and identity theft.
Event organizers and ticketing platforms must ensure that robust data protection measures are in place to prevent such leaks and safeguard attendees’ personal and financial information.
As the trade in attendee data continues to raise concerns, it’s clear that the crypto industry must take proactive steps to protect personal information and minimize the risks of phishing and other scams targeting event participants.
The post Crypto Event Data Leak Sparks Phishing Concerns appeared first on Koinreport.