Online sales of sensitive personal and professional information from cryptocurrency industry gatherings pose serious privacy and phishing concerns. These data sets, billed as “marketing and promotion tools,” include important information that scammers and malicious actors may exploit.
Typically, the data includes full names, phone numbers, job titles, firms, and social media links. In certain situations, it includes ticket purchase information, operating system versions, social media follower counts, cryptocurrency wallet addresses, and even messages sent to event organizers.
Recently, a seller published copies of these lists, purportedly compiled from numerous crypto events held in Southeast Asia and India in the fall of 2024. The overlap in data from numerous events shows that such attendee information is available through an established international commerce network.
One significant example is a list of 1,700 attendees from a November 2024 blockchain conference in Malta, which was first priced at $4,000 but eventually reduced to $650. The seller asserted the exclusivity and insider knowledge of this data, suggesting they would use the proceeds to purchase additional lists from future events.
The possible misuse of such information is concerning. Cybercriminals could use this information to launch phishing attacks, tricking people into clicking dangerous links or disclosing important information. Despite the seller’s assurances that the data is non-sensitive and intended for marketing, people and organizations still face significant risks.
This development highlights the importance of stricter data protection procedures at cryptocurrency events, as well as increased awareness among attendees about the security of their information.
