Crypto Event Attendee Data Sold Online, Creating Scam Risks

Lists containing the personal information of people who attended cryptocurrency events are being sold online. These lists include private details that could make the attendees vulnerable to scams and phishing attacks.

What Information is Being Sold?

The lists reportedly contain:

Full names and phone numbers.

Nationalities, job titles, and companies.

Social media profiles (personal and business).

Details about the tickets purchased, such as ticket type and purchase date.

Crypto wallet addresses.

Messages attendees sent to event organizers during registration.

Information about the operating system used to buy tickets.

Social media follower counts.

How Was the Data Collected?

The data was likely collected through online registration forms for conferences or related events. Some events use ticketing platforms like lu.ma, which sometimes require linking social media accounts.

Who is Selling the Data?

The seller shared samples of data from 60-100 participants per event on Telegram. These lists appeared to come from multiple events held in Southeast Asia, India, and other regions, mostly in late 2024.

The seller seemed to act as a reseller, possibly obtaining the data from an organized international operation. AI analysis and other clues suggest the seller and data compiler may be Russian.

What Events Were Affected?

The data samples included information from various events. One significant case involved the AIBC conference in Malta (November 2024), where a list of 1,700 attendees was being sold. Initially priced at $4,000, the seller reduced it to $650. The seller also claimed to have data from Blockchain Fest and DevCon.

Why is This Data Valuable?

The seller claims the data is for marketing purposes, but experts warn it could be misused by scammers to:

Send phishing emails or malicious links.

Use social engineering tactics to trick people into revealing more sensitive information.