French Crypto Tax Platform Waltio Investigated After Data Breach Exposes 5,000 Users
On December 24, 2025, dark web intelligence firm Brinztech identified a database, listed for sale, containing the personal data of approximately 5,000 French cryptocurrency holders. The exposed information, linked to crypto tax platform Waltio, reportedly included emails and summary details from 2024 tax reports; no passwords, wallet addresses, or banking data were compromised.
French authorities launched an investigation following the breach, with the Paris Prosecutor’s cybercrime unit assigning the case to France’s National Cyber Unit. The probe aims to determine the full scope of the stolen data and identify affected users. Waltio confirmed the incident in a January 23, 2026, security notice, acknowledging an extortion attempt received two days prior. The company filed a criminal complaint for unauthorized system access and attempted extortion, describing the attack as "particularly sophisticated."
The breach has raised concerns beyond digital security. French authorities issued warnings about criminals impersonating law enforcement to target victims, emphasizing that police will never request confidential data by phone or appear unannounced at residences. The alert follows a surge in physical attacks on crypto holders, including a January 14 kidnapping of a retired couple in Sallanches and a foiled abduction attempt in Paris on January 23.
Waltio maintains that the exposed data was limited to emails and tax report summaries, though Brinztech’s initial report suggested the dark web listing included names and phone numbers, information Waltio claims it does not collect. The discrepancy remains unresolved, and it is unclear whether the December dark web listing is directly tied to the January extortion attempt. Waltio has notified France’s data protection authority (CNIL) and advised users to verify security codes in official communications.
The incident underscores the risks faced by crypto tax platforms, which handle sensitive transaction data under international reporting requirements. It also follows a separate January 2026 breach at French hardware wallet maker Ledger, highlighting growing cybersecurity threats in the sector. Investigations into the Waltio breach are ongoing.
Waltio cybersecurity rating report: https://www.rankiteo.com/company/waltio
ZenLedger cybersecurity rating report: https://www.rankiteo.com/company/zenledger-io
"id": "WALZEN1769189829",
"linkid": "waltio, zenledger-io",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '5000',
'industry': 'Financial Services (Cryptocurrency)',
'location': 'France',
'name': 'Waltio',
'type': 'Crypto Tax Platform'}],
'customer_advisories': 'Waltio advised users to verify security codes in '
'official communications and be cautious of '
'impersonation scams.',
'data_breach': {'data_exfiltration': 'Yes (listed for sale on dark web)',
'number_of_records_exposed': '5000',
'personally_identifiable_information': 'Yes (emails, '
'potentially names and '
'phone numbers)',
'sensitivity_of_data': 'Moderate (no passwords, wallet '
'addresses, or banking data)',
'type_of_data_compromised': 'Personal data (emails, tax '
'report summaries, potentially '
'names and phone numbers)'},
'date_detected': '2025-12-24',
'date_publicly_disclosed': '2026-01-23',
'description': 'On December 24, 2025, dark web intelligence firm Brinztech '
'identified a database containing the personal data of '
'approximately 5,000 French cryptocurrency holders listed for '
'sale. The exposed information, linked to crypto tax platform '
'Waltio, included emails and summary details from 2024 tax '
'reports but no passwords, wallet addresses, or banking data. '
'French authorities launched an investigation, and Waltio '
'confirmed the incident in a January 23, 2026, security '
'notice, acknowledging an extortion attempt received two days '
'prior.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Emails, tax report summaries (potentially '
'names and phone numbers)',
'identity_theft_risk': 'Moderate (due to exposed personal data)',
'legal_liabilities': 'Potential regulatory fines (CNIL)',
'payment_information_risk': 'None (no banking data compromised)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Risks faced by crypto tax platforms handling sensitive '
'transaction data under international reporting '
'requirements; importance of verifying security codes in '
'official communications to prevent impersonation scams.',
'motivation': 'Extortion',
'recommendations': 'Enhanced monitoring for unauthorized access, user '
'education on impersonation scams, and stricter data '
'collection policies to avoid storing unnecessary personal '
'information.',
'references': [{'source': 'Brinztech'},
{'date_accessed': '2026-01-23',
'source': 'Waltio Security Notice'},
{'source': 'Paris Prosecutor’s Office'}],
'regulatory_compliance': {'legal_actions': 'Criminal complaint filed for '
'unauthorized system access and '
'attempted extortion',
'regulations_violated': 'Potential GDPR violations '
'(CNIL notified)',
'regulatory_notifications': 'CNIL (France’s data '
'protection authority)'},
'response': {'communication_strategy': 'Security notice issued to users, CNIL '
'notified, warnings about '
'impersonation scams',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (Paris Prosecutor’s cybercrime '
'unit, France’s National Cyber '
'Unit)'},
'stakeholder_advisories': 'French authorities warned about criminals '
'impersonating law enforcement to target victims; '
'advised users to verify security codes in official '
'communications.',
'title': 'French Crypto Tax Platform Waltio Data Breach Exposes 5,000 Users',
'type': 'Data Breach'}