Waltio hit by data breach and extortion attempt

by Michael

On the night of January 21, tax assistant Waltio was the victim of a data leak, quickly followed by an extortion attempt attributed to the hacker group “Shiny Hunters.” According to initial reports, nearly 50,000 users may be affected, while French authorities have launched an investigation. To what extent is the centralization of sensitive data justifiable when it becomes a preferred lever for cybercriminals?

The “Shiny Hunters” behind the extortion linked to the Waltio data leak

On the night of January 21, tax assistant Waltio reported that it had been informed of a data leak. The French authorities have taken up the case and are investigating to determine the nature of the stolen data and identify the victims.

In a press release published by Pierre Morizot, CEO of Waltio, we learn that the platform was attacked by a malicious actor who provided a sample to verify the authenticity of their claim.

According to a report in the newspaper Le Parisien, the famous hacker group “Shiny Hunters” is behind this attack. They claim to have in their possession the personal data of nearly 50,000 customers (1/3 of users), most of whom are located in metropolitan France.

It appears that the adversary contacted Waltio and demanded a ransom. Upon receipt of this message, incident management procedures were initiated. The company explains that it has hired external experts to “analyze the situation with the highest level of rigor.”

In a press release, the cybercrime division (J3) of the Paris Public Prosecutor’s Office announced that it had entrusted the investigation to the National Cyber Unit of the National Gendarmerie (UNCyber).

Joint statement by the Paris Public Prosecutor's Office and the Gendarmerie's cyber unit on the Cybermalveillance website

According to Waltio, initial findings from the investigation show that the intrusion is no longer active and that all of the platform’s services are functioning normally.

As for the data concerned, the scope is limited to “the generation of 2024 tax reports, closed on December 31, 2024,” according to the press release. An attacker could therefore retrieve the user’s email address and data from the reports (gains, losses, balances).

By its nature, Waltio’s tax assistant aggregates data from your accounts on trading platforms in order to analyze it and then calculate the amount of your taxable capital gains.

Pierre Morizot nevertheless reassures users that “no data allowing access to your crypto-assets has been compromised.” He also points out that the platform does not require any information relating to your identity (first name, last name, postal address, phone number, date of birth).

The company explains that it is continuing its investigation by conducting a complete review of its IT system history. A direct communication will be sent to potentially affected users, accompanied by “clear and operational” recommendations.

In addition, Waltio announces that it is committed to continuing to report the incident to the CNIL (French Data Protection Authority) and has filed a complaint through its lawyer, Maître Romain Chilly, with the J3 section of the Paris Public Prosecutor’s Office.

As stated in the press release, the main risk with this type of leak is not technical theft of funds. Attackers will prefer to exploit contextual elements to target victims with phishing or scam attempts.

They will use several cognitive biases to put you in a stressful situation and push you into making a mistake:

  • urging you to react quickly;
  • threatening financial loss;
  • impersonating a legitimate figure;
  • fear of negative consequences;
  • social pressure…

Recommendations for cryptocurrency holders, available on the Cybermalveillance website

It is therefore particularly important to clearly identify who you are dealing with. You can verify the authenticity of a Waltio email using the security code at the bottom of marketing emails. Waltio recommends checking that it matches the ones in your account.

It should also be noted that the company does not have your phone number or postal address, so you will not receive any calls, text messages, or mail from them.

This event contributes to reinforcing the climate of fear among cryptocurrency holders in France. Recently, cases of kidnapping, false imprisonment, and threats have been constantly in the news.

The centralization of sensitive information creates a single repository of data and constitutes a major vulnerability. The particularly long list of data leaks (including a number of public bodies) recorded by the bonjourlafuite website for the year 2025 raises questions about the legitimacy of certain services accessing this type of data.

As explained by Adan, this collection is often driven by regulatory requirements; the substantial scale of the processing of this data needs to be reviewed so as not to create new areas of vulnerability.

No matter what protections are applied to an information system (IS), it will always be vulnerable. Therefore, to reduce the attack surface, the only solution seems to be data minimization: zero data, zero leaks.
