- Waitio was a target of the hacking group Shiny Hunters, and the resulting data breach may have leaked the data of nearly 50,000 crypto users.
- Some of the stolen data included email addresses and transaction histories, which means that the victims are at risk of phishing and identity theft.
- On the bright side, since Waltio uses “read-only” API keys, user funds on connected exchanges are safe.
This week, reports surfaced that Waitio, the popular crypto tax platform, suffered a major data breach.
This event quickly turned into an extortion attempt as a notorious hacker group claims to have stolen sensitive financial information from a massive database.
This incident shows a growing danger to investors who use third-party tools to manage their crypto taxes.
The Waltio Data Breach
As mentioned, Waitio was attacked by a hacking group known as the Shiny Hunters. According to reports, this organisation has a long history of attacking victims like tech giants and retail companies.
In the case of the Waltio data breach, the hackers allegedly gained access to a database containing the records of almost 50,000 users. Even worse, some of the stolen data includes email addresses, account balances and detailed transaction histories.
These also turn out to be the exact pieces of information needed to track a person’s assets on the blockchain.
The hackers are actively demanding a ransom and have threatened to leak the information publicly or sell it on the dark web if the company does not pay.
Why Tax Platforms Are Main Targets
Waltio acts as a “crypto assistant” for over 60,000 users in France and beyond, because it helps people calculate capital gains and generate forms for the tax authorities.
Customers use the tool by connecting their exchange APIs or uploading their wallet addresses. The tool then collects this and stores it all on a database.
And even though Waitio does not have the power to move funds on behalf of its users, the information itself is worth a fortune.
When criminals know exactly how much Bitcoin or Ethereum a user has, as well as a roadmap to all of their addresses, they can run highly targeted spear phishing attacks.
They might send an email that looks exactly like a tax notice, and is tailored to the user’s specific holdings. This type of leak could even lead to physical threats against wealthy individuals, as has been happening in Europe for the past year.
🚨 Armed teenagers carried out a violent “wrench attack” on high-profile Twitch and OnlyFans creator Kaitlyn ‘Amouranth’ Siragusa earlier this year, breaking into her home, pistol-whipping her, and demanding access to her Bitcoin after being misled by her online posts about… pic.twitter.com/vc8FNjUwcH
— Subjective Views (@subjectiveviews) December 9, 2025
Differences Between Data and Asset Security
Users need to understand the difference between their data and their actual funds. Based on how the platform operates, your crypto is likely safe from direct theft.
Waltio uses “read-only” API keys, which means the software can view a user’s trades but cannot execute “send” or “withdraw” commands. In other words, a hacker inside the Waltio system cannot drain anyone’s Binance or Coinbase account.
However, their identity is what is at risk here. The hack now has the emails, tax residency and total wealth of thousands of users.
Even users who use a hardware wallet and have synced it with the tax software now have their information exposed.