Phishing Alert: Crypto Event Attendee Data For Sale

Crypto media outlet Cointelegraph obtained samples of attendee data that include full names, contact details, social media links, and even crypto wallet addresses—raising alarms about potential phishing campaigns.

The leaked lists, marketed as tools for “marketing and client outreach,” contain sensitive details such as:

• Full names and phone numbers
• Job titles and company affiliations
• Social media profiles, including follower counts
• Ticket purchase details, operating systems used, and registration timestamps
• Crypto wallet addresses
• Personal messages sent to event organizers

Some lists even include Telegram handles, adding another layer of vulnerability for attendees.

These details are often collected via registration forms for conferences or side events. Platforms like lu.ma, used for issuing tickets, sometimes request links to attendees’ social media accounts, which could explain how this data is aggregated.

Cointelegraph reportedly viewed lists from multiple crypto events, predominantly in Southeast Asia and India, held in late 2024. A seller provided samples of four lists, each containing 60–100 names, and claimed to have data from various events.

The scale and scope of the leaks suggest this isn’t an isolated incident but part of a larger international trade in blockchain event attendee data.

One notable dataset included 1,700 attendees from the November 2024 AIBC conference in Malta, initially priced at $4,000 but later slashed to $650. The seller claimed the list was “exclusive” and would be sold to only a few buyers.

“This data is very insider and exclusive information,” the seller boasted, while promising proceeds would fund the purchase of additional datasets from events like CoinFest and DevCon.

While there is no evidence implicating major event organizers, side events and third-party platforms collecting similar data pose a risk. Cybercriminals can weaponize this information for social engineering, sending phishing links or malicious offers tailored to attendees’ profiles.

The seller downplayed the severity of the breach, calling the data “not sensitive information” and suggesting that most attendees are “open to marketing.” However, the risks of such exposure are evident, particularly in an industry where trust and security are paramount.

This incident serves as a stark reminder for crypto event attendees to be cautious about the personal information they share. Here are some precautions:

1. Use unique email addresses for event registrations.
2. Avoid sharing crypto wallet addresses unless absolutely necessary.
3. Be skeptical of unsolicited messages or offers linked to events you’ve attended.

The unauthorized trade of attendee data highlights the urgent need for stricter security measures in the crypto industry to safeguard participants from phishing and other malicious activities.

Crypto media outlet Cointelegraph obtained samples of attendee data that include full names, contact details, social media links, and even crypto wallet addresses—raising alarms about potential phishing campaigns.

The leaked lists, marketed as tools for “marketing and client outreach,” contain sensitive details such as:

• Full names and phone numbers
• Job titles and company affiliations
• Social media profiles, including follower counts
• Ticket purchase details, operating systems used, and registration timestamps
• Crypto wallet addresses
• Personal messages sent to event organizers

Some lists even include Telegram handles, adding another layer of vulnerability for attendees.

These details are often collected via registration forms for conferences or side events. Platforms like lu.ma, used for issuing tickets, sometimes request links to attendees’ social media accounts, which could explain how this data is aggregated.

Cointelegraph reportedly viewed lists from multiple crypto events, predominantly in Southeast Asia and India, held in late 2024. A seller provided samples of four lists, each containing 60–100 names, and claimed to have data from various events.

The scale and scope of the leaks suggest this isn’t an isolated incident but part of a larger international trade in blockchain event attendee data.

One notable dataset included 1,700 attendees from the November 2024 AIBC conference in Malta, initially priced at $4,000 but later slashed to $650. The seller claimed the list was “exclusive” and would be sold to only a few buyers.

“This data is very insider and exclusive information,” the seller boasted, while promising proceeds would fund the purchase of additional datasets from events like CoinFest and DevCon.

While there is no evidence implicating major event organizers, side events and third-party platforms collecting similar data pose a risk. Cybercriminals can weaponize this information for social engineering, sending phishing links or malicious offers tailored to attendees’ profiles.

The seller downplayed the severity of the breach, calling the data “not sensitive information” and suggesting that most attendees are “open to marketing.” However, the risks of such exposure are evident, particularly in an industry where trust and security are paramount.

This incident serves as a stark reminder for crypto event attendees to be cautious about the personal information they share. Here are some precautions:

1. Use unique email addresses for event registrations.
2. Avoid sharing crypto wallet addresses unless absolutely necessary.
3. Be skeptical of unsolicited messages or offers linked to events you’ve attended.

The unauthorized trade of attendee data highlights the urgent need for stricter security measures in the crypto industry to safeguard participants from phishing and other malicious activities.