Paxful says data breach of 'third-party supplier' did not compromise user data

Whoever is behind a new post on Raidforums, a marketplace for buying and selling stolen information, is falsely claiming to have data from millions of Paxful users, according to Paxful.

A spokesperson for the company said that in fact user data has not been compromised. Paxful is still investigating if some employee data could be at risk.

"We are actively investigating this situation and we believe that there has been no data breach of the Paxful platform," the spokesperson said. 

Start your day with the most influential events and analysis happening across the digital asset ecosystem.

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Someone with the username "mafufi" posted the listing around 2AM EST this morning for a price of 1 BTC. They claim to have a database including first name, last name, date of birth, gender, address, phone number, email and passwords of 4.8 million Paxful users and employees. 

A supposed sample of the data posted on the Raidforums listing mostly includes email addresses or alternative providers with the word "paxful" in the handle.

Paxful says the data was obtained illegally from a third-party supplier that the trading platform previously used. In September of 2020, it terminated that contract.

Paxful CEO Ray Youssef also took to Twitter to address concerns related to user data: "1 btc for millions of users? We get this leak spam all the time. Always fake. No user data leaked. However still confirming if some employee data was leaked from 3rd party payroll site. Stay tuned. All identities safu!"

About Author

Aislinn Keely is a reporter on The Block's policy team holding down the legal beat. She covers court decisions, bankruptcies, regulatory actions and other key moments in the legal sphere, putting them in context for the wider crypto in