Crypto Firm ONUS Suffers Data Breach, Data of 2 Mn Customers Put for Sale!

Cryptocurrency is one of the most lucrative targets for malicious actors. Every day the news headlines are filled with crypto trading platforms falling victim to cybercriminals. ONUS is the latest addition to the extensive list.

Recently, cybercriminals attacked Vietnam’s largest crypto trading company and demanded a ransom of USD 5 million. The threat actors threatened ONUS that they would disclose the pilfered information if it failed to pay the ransom.

The perpetrators exploited the Log4Shell vulnerability on the Cyclos server of ONUS to gain illegitimate access to customer information.

Cyclos offers a wide range of point-of-sale (POS) and payment software solutions. Unfortunately, it was using a vulnerable Log4j version in its software solutions.

Although Cyclos notified its customers, including ONUS, to patch their systems, the hackers are proactive enough to exploit the short exposure window to conduct their attack.


Also Read: RIPTA’s Massive Hack Raises Many Questions


The actors successfully exfiltrated sensitive databases that contained nearly 2 million customer records. The pilfered customer data includes full names, E-KYC data, email addresses, phone numbers, encrypted passwords, and transaction history.

Surprisingly, the data breach is more than just a Log4j vulnerability alone. Though attackers exploited the Log4j flaw to gain entry into the ONUS network, the firm’s Amazon S3 buckets is the one that played the spoilsport.

ONUS Data Breach

System misconfigurations on ONUS’ Amazon S3 buckets allowed attackers further access to sensitive data storage locations with production data.

“The hacker took advantage of a vulnerability in a set of libraries on the ONUS system to get into the sandbox server (for programming purposes only),” informed ONUS.

“However, due to a configuration problem, this server contains information that gave bad guys access to our data storage system (Amazon S3) and stole some essential data. This leads to the risk of leaking the personal information of a large number of users.”

However, ONUS refused to pay the ransom and instead notified the impacted customers about the attack via a private Facebook group.

“As a company that puts safety first, we are committed to providing our customers with transparency and integrity in business operations,” said ONUS CEO Chien Tran.

“That is why, after careful consideration, the right thing we need to do now is to inform the entire ONUS community about this incident,” he added.

Hot on the heels of the company’s refusal to pay the ransom, the hackers put the customer data for sale on the dark web.


Also Read: Azure App Service’s Security Flaw ‘NotLegit’ Exposes Source Repository!


The hacker claimed they have accessed copies of 395 ONUS database tables with customers’ personal information and hashed passwords. The claims seem to be true as excerpts of such data were published in hackers’ forum.

“We sincerely apologize and hope for your understanding,” states ONUS.

“This is also an opportunity for us to review ourselves, upgrade and further perfect the system to assure the safety of our users, especially during the transition from VNDC to ONUS.”

How can businesses prevent these attacks?

Cybercriminals have already started exploiting Log4j vulnerabilities to inject crypto miners into vulnerable systems. StealthLabs recommends that all the Log4j users immediately upgrade to the latest versions. Without further ado, businesses must patch the Log4Shell vulnerability in their systems and impose additional restrictions.

Contact Us


More New Articles: