Cointelegraph obtained data set samples packed with sensitive information of crypto conference attendees that could be a treasure trove for scammers.
Lists packed with sensitive information on crypto industry event attendees are being sold under the guise of “marketing and promoting and finding clients,” presenting a potential data gold mine for scammers and malicious actors.
The lists may contain information including full names, phone numbers, nationalities, job roles and companies, along with personal and business social media links.
Some even include the attendees’ ticket purchase date, ticket type, the operating system used for making the purchase, social media follower counts, crypto wallet addresses and messages typed into a text field sent to event organizers.
This sort of information is typically collected through event registration forms at conferences or side events. Recently, events using platforms such as lu.ma to issue tickets commonly require links to specific social media accounts.
Cointelegraph obtained “samples” of such lists from a seller over Telegram, which included four lists of about 60 to 100 participants that appeared to be derived from multiple events. Each contained different data points on the attendees.
The events seemed to have occurred mostly in the fall of 2024, and attendee phone numbers suggested they happened in different countries, primarily in Southeast Asia and India.
A single seller having access to lists from multiple countries suggests that rather than an isolated incident, there is an organized international trade for blockchain event attendee data.
The lists may be the tip of the iceberg — images of additional samples purportedly connected to Blockchain Fest and Devcon were also shared.
Cointelegraph is not suggesting the organizers or staff of major events are involved in the trade, as hundreds of side events at conferences also collect similar details.
Of specific value was an apparent list of 1,700 attendees at the November 2024 AIBC conference in Malta. The asking price for the list, which the seller said would be distributed to “only a few persons,” was almost $4,000, but was dropped to $650 after a few days.
The seller claimed that sales proceeds would be used to purchase additional lists from other events, namely from Coinfest and DevCon, for which they shared database screenshots.
The seller was seemingly acting as a reseller of the data and, though anonymous, both the seller and compiler of the data appear to be Russian — evidenced by one of the sample data set’s tabs titled “List2” in Russian and an AI analysis of the seller’s writing pointing to a Russian native speaker.
The seller attempted to justify the sale of the “not leaked” data, claiming that it was “not sensitive information” and that “most people are open to such marketing.”
AIBC founder Eman Pulis wanted to know how large the list was when Cointelegraph asked for comment and said the event has “very strict protocols against data breaches.” Pulis added that many similar databases are fraudulent and that “we get offered databases of our competitors all the time.”
The full database cannot be verified, but the seller offered to cross-validate their data against any known AIBC attendee.
Though it is not clear where the data is coming from, it is clear that lists of this type are sought after by unscrupulous actors, and attendees should be aware of the risks of entering personal data in online forms.