Fractal ID Data Breach Affects Gnosis Pay, Polygon, Ripple, and NEAR Users
- At least 8 crypto projects might have been compromised in the Fractal ID breach.
- Protocols at risk due to this breach include Polygon, Ripple, and NEAR.
Gnosis Pay, Polygon, Ripple, and NEAR are among the crypto projects recently affected by a data breach at Fractal ID, a popular customer verification service. Gnosis Pay alerted its customers about the breach on Wednesday via a customer service email.
Dissection of Fractal ID Data Breach
The email read, “At 7:30 PM CET, Monday, 15th July 2024, our Know Your Customer (KYC) service provider Fractal ID made the Gnosis Pay team aware that it had suffered a data breach on Sunday 14th July 2024.”
Fractal co-founder Julian Leitloff has since confirmed the exploit, stating that suspicious activity was noticed with a single operator account. Approximately 0.5% of Fractal ID’s 1 million users were affected in the breach, as revealed on the platform’s official X account. Leitloff, however, acknowledged that access was quickly stopped, and the cause was identified with the help of external support.
On Sunday, July 14th, 2024 the Fractal ID user base was accessed by a malicious external party that gained unauthorized access to an operator’s account. Our team acted quickly, but roughly 0.5% of our user base was affected.
Our first line of responsibilities lies with the users…
— FRACTAL ID (@Fractal_ID) July 17, 2024
Nonetheless, roughly 0.5% of the Gnosis user base was affected. The potentially compromised information is the data held in Fractal ID’s user profiles. This may include wallet addresses, email addresses, phone numbers, and images of uploaded documents.
Leitloff added that the attack targeted access to the operator’s account, rather than anything Gnosis-specific. “The system itself was not impacted but this account, meaning every user that account had access to,” Leitloff noted.
The recent attack has raised concerns about the safety of Fractal and verification services in general. An X user, @arlery, voiced fears over the breach, stating, “Fractal KYC requires showing proof of ID and residence proof, etc. I used this for Optimism retro KYC and Thrive/Arbitrum KYC. The fact that they’ve been compromised is so alarming.”
Fractal has, however, promised to take immediate steps to mitigate the impact of the breach and implement further security measures. Accordingly, the platform said it has informed the data protection authorities and the cybercrime police division of the recent situation.
Fractal ID is an interoperable Decentralized Identity system for Web3. Like other KYC and Anti-Money Laundering (AML) service providers, Fractal ID collects and stores sensitive user data known as personally identifiable information. According to its website, Fractal ID provides compliance assistance for at least eight crypto protocols including Polygon, Ripple, Near, and over 250 companies.
The Rise of Decentralized Identity for Verification
It is worth noting that many blockchain infrastructures are now integrating decentralized identity as a core component. This effort is being made as they transition from the dApp layer to the fundamental infrastructure layer. This is similar to explorers, wallets, and oracles.
As noted in our earlier article, the Hedera network has formed an alliance with Tuum Technologies for the integration of Identity Snap with MetaMask. This collaboration targets developers interested in developing Digital Identifiers (DIDs) and Verifiable Credentials (VCs) on the Hedera network.
In a similar move, IOTA recently collaborated with the Taiwan government to implement decentralized ID solutions. As highlighted in our earlier post, the partnership follows IOTA’s earlier collaboration with the European Union on its EDIC digital identity solution.