Sensitive personal data from attendees of crypto industry events is being sold under the guise of “marketing, promotion, and client finding,” creating significant privacy risks and presenting a potential gold mine for scammers and malicious actors.
These data lists contain a wealth of information, including full names, phone numbers, job roles, nationalities, companies, and even social media profiles both personal and business-related. In some cases, additional details such as ticket purchase dates, ticket types, the operating system used for the transaction, social media follower counts, crypto wallet addresses, and messages sent to event organizers have been included.
This information is typically gathered through event registration forms, particularly at conferences or related side events. Recently, events hosted on platforms like lu.ma—where tickets are issued—have been collecting links to social media accounts as part of the registration process, further expanding the potential risk for attendees.
Data Trading Through Telegram
Cointelegraph obtained multiple “sample” lists of attendees from a seller operating on Telegram. These lists contained between 60 and 100 participants each, and they appeared to originate from various events. The data shared spanned events primarily held in the fall of 2024, with attendee phone numbers indicating that the events were global in scope, with a focus on Southeast Asia and India.
The fact that one seller was able to access lists from multiple countries suggests a larger, organized international trade in blockchain event attendee data, rather than isolated incidents of data breaches. These lists represent just a small portion of the larger operation. Additional samples of attendee data from high-profile events such as Blockchain Fest and Devcon were also shared by the seller.
It’s important to note that there is no evidence to suggest that the organizers or staff of major crypto events are directly involved in this data trade. The sale of attendee information is more likely the result of third-party side events at conferences that also collect similar attendee details.
Among the most valuable of these lists was an alleged attendee database from the November 2024 AIBC conference in Malta, containing the information of 1,700 participants. Initially priced at $4,000, the asking price for this list was later reduced to $650, as the seller appeared to struggle with finding buyers. The seller referred to this information as “insider and exclusive,” suggesting the high value placed on this data in certain circles.
The seller claimed that the data was not “leaked” and attempted to justify the sale by stating that it was “not sensitive” and that “most people are open to such marketing.” However, the sale of this information clearly opens the door for social engineering and targeted phishing attacks. Scammers can use this personal data to craft convincing messages, direct individuals to malicious links, or launch other types of fraudulent activities.
Unregulated and Potentially Harmful
The individual behind the sale of these lists seemed to act as a reseller, with the likely goal of profiting by acquiring and redistributing event attendee data. Despite the anonymity of the seller, an AI analysis of their writing suggested that both the seller and the compiler of the data were Russian, with one of the sample data tabs titled “List2” in Russian.
When questioned about the database’s authenticity, the seller offered to cross-validate their data by matching it with known attendees of the AIBC event. The seller also indicated that they could prove the legitimacy of the information, further suggesting the data might be accurate and well-organized.
AIBC founder Eman Pulis addressed the issue after Cointelegraph inquired about the lists, emphasizing the event’s strict protocols against data breaches. Pulis acknowledged that while many similar databases are often fraudulent, the firm does regularly face offers of competitor databases. He pointed out that the databases might not necessarily be leaked directly from event organizers but rather gathered from side events with less stringent data protection measures.
While it’s still unclear where the data originates from, one thing is certain: such lists are in high demand among scammers and other malicious actors. Attendees who provide personal information at events should be aware of the risks and understand the potential for their data to be sold and used in fraudulent activities.
Data Point | Example |
---|---|
Personal Information | Full names, phone numbers, nationalities |
Job Role and Company | Job titles, employer names |
Social Media Links | Personal and business profiles |
Ticket Purchase Information | Ticket type, purchase date, operating system used |
Crypto-Specific Data | Wallet addresses, messages to event organizers |
Follow Counts | Social media follower numbers |
Given the extensive personal data that these lists contain, it is critical for attendees at crypto events and similar conferences to be vigilant about the information they provide. While event organizers may implement strict protocols to protect attendee data, the increasing collection of personal and sensitive details through online forms presents an inherent risk, especially when third-party side events may not adhere to the same security standards.
What The Author Thinks
The rise of data trading in the crypto space highlights a growing issue of privacy and security in the industry. With scammers increasingly targeting attendees at crypto events, the need for robust data protection and vigilance by both organizers and participants is essential. As events continue to collect more personal information for marketing purposes, it is critical that attendees remain cautious about sharing sensitive data and are mindful of the long-term risks that could arise from having their information exposed.
Featured image credit: chanwit yasamut via Vecteezy
Follow us for more breaking news on DMR