September 26, 2022

If the world has stable digital currencies (or stablecoins) with values ​​pegged to USD like USDT or BUSD, then Vietnam also has a stablecoin with similar properties called VNDC. From October 2021, this VNDC application changes its name to ONUS with the intention of redirecting to become a new platform.

Source: genk.vn

While attracting a large number of users with firm commitments to security, recently, on the R***forums forum – a place often used by hackers to sell blocks of data they collected – a user named vndcio said he was able to hack into ONUS’s server and took away all the data in it.

Source: CafeBiz

This data block contains the eKYC (electronic Know Your Customer) identity information of nearly 2 million users on this ONUS platform. Usually, during the registration process to open an account on these digital currency platforms, users must provide real identification information including a scanned copy of their personal papers, an authentic phone number, as well as a recorded clip. the user’s face – instead of just the usual email and name.

To prove this, vndcio’s post has posted many screenshots showing the phone number used and the real name used to register the user’s account as well as a series of photos of personal identification documents, as well as video clips to authenticate the user’s face.

Source: VOV

Not only that, in his post on R***forums, this user said that he deleted this entire block of data on ONUS’s server. This means that in the event ONUS does not back up its database, the data block in the hands of this hacker will be unique.

The above identifying information shows the extremely serious level when the above data block is for sale on this forum. Not only contains detailed information about users, its seriousness also lies in the number of users in it. According to vndcio, while this data block contains information about about 2 million users, 90% of them are users from Vietnam.

People whose personal information is included in this for sale can become targets for harassing spam calls, as well as victims of targeted phishing attacks.