news

French Authorities Probe Waltio Data Breach as 50,000 Crypto Users Face Exposure Risk

Nahid
Published: January 23, 2026
(Updated: January 24, 2026)
5 min read
French Authorities Probe Waltio Data Breach as 50,000 Crypto Users Face Exposure Risk

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Facebook
Instagram
LinkedIn
YouTube

TL;DR

  • French authorities have opened a preliminary investigation into a data breach at crypto tax platform Waltio.
  • A hacking group known as Shiny Hunters reportedly accessed personal data tied to roughly 50,000 users, most based in France.
  • Officials warn that exposed users could be targeted through social engineering or physical extortion attempts tied to crypto holdings.
  • The case highlights growing concerns around personal data security in crypto-adjacent services, especially tax and compliance platforms.

French authorities have launched a preliminary investigation into a data breach involving Waltio, a cryptocurrency tax reporting platform widely used by investors in France. The inquiry follows reports that personal data belonging to tens of thousands of users may have been accessed without authorization, raising concerns about follow-up attacks that could go beyond online fraud.

According to a Thursday notice published by French cybersecurity authorities, the Paris Public Prosecutor's Office and the country’s National Cyber Unit are now investigating the incident, including the nature of the compromised data and the identities of affected users. The notice warned that individuals impacted by the breach could be targeted by bad actors posing as security or compliance officials, attempting to trick them into transferring digital assets under false pretenses.

Waltio, which helps users calculate and declare crypto-related taxes, sits at a sensitive intersection between personal identity and financial activity. While the company has not publicly detailed the full scope of the breach, the involvement of national law enforcement suggests authorities view the matter as more than a routine data leak.

This is not just about email addresses or login credentials. Crypto tax platforms often store information that can map digital wallets to real-world identities, making breaches especially risky in a sector already under pressure from targeted crime.

Hacking group demand ransom after accessing user data

Further details emerged the following day through a report from French newspaper Le Parisien, which said a hacking group known as Shiny Hunters sent a ransom demand to Waltio after the attack. According to the report, the group obtained personal data from approximately 50,000 users, the majority of whom are located in France.

Shiny Hunters is not a new name in the cybersecurity world. The group has previously been linked to breaches involving large consumer platforms, often focusing on data theft followed by extortion attempts. In this case, the alleged demand appears tied to the possession of user information rather than direct access to funds. French authorities have not confirmed the identity of the attackers or whether negotiations took place, but the involvement of a known data-extortion group adds urgency to the investigation. It also raises questions about how attackers may attempt to monetize stolen information in a crypto context, where irreversible transactions and self-custody make recovery difficult once assets are moved.

The official notice from French cybersecurity agencies stressed that affected users should remain vigilant, particularly if contacted by individuals claiming to represent tax authorities, exchanges, or security teams. Such outreach, officials warned, could be a pretext for fraud. 

From data leaks to physical threats

What makes this breach particularly concerning is not just the scale, but the downstream risks it creates. French authorities explicitly warned that users whose data has been exposed could face attempts to coerce them into transferring digital assets. These attempts may rely on fear, urgency, or impersonation of legitimate institutions.

In more extreme cases, criminals have targeted crypto holders in person after acquiring personal details such as names, addresses, and estimates of holdings. Authorities cautioned that affected users could be exposed to “kidnappings and unlawful detentions,” or threats against close relatives aimed at extorting crypto assets. This form of crime has become known informally as a “wrench attack,” a term used to describe situations where attackers rely on physical coercion rather than technical exploits to force victims to hand over digital assets. Unlike traditional bank accounts, crypto wallets typically lack customer support or reversal mechanisms, making victims especially vulnerable once access is compromised.

France has already seen several high-profile cases involving physical attacks against crypto holders or their families, and similar incidents have been reported in other countries. These cases underline why personal data linked to crypto ownership carries heightened risk compared to many other forms of financial information. The Waltio breach fits into a broader pattern where attackers no longer need to breach wallets directly. Instead, they focus on the softer layer around crypto infrastructure: tax tools, analytics platforms, customer databases, and compliance services that quietly hold detailed user profiles.

A warning for the crypto compliance sector

While investigations are still ongoing, the incident is likely to prompt closer scrutiny of how crypto-adjacent platforms handle sensitive user data. Tax reporting services, in particular, are increasingly relied upon as governments tighten reporting requirements and enforcement. That makes them attractive targets for attackers looking to link real identities with digital asset activity.

Closing Thoughts 

For users, the case is a reminder that risk does not end with wallet security. Even those who follow best practices for self-custody can be exposed through third-party services that store personal or financial metadata. Once leaked, that information can be difficult to contain. French authorities have urged potentially affected users to be cautious, avoid responding to unsolicited messages related to security or compliance, and verify communications through official channels. The investigation into Waltio’s breach is still at an early stage, but its implications reach well beyond a single platform.

As crypto adoption continues to intersect with everyday financial reporting, incidents like this underline a growing tension: the push for transparency and compliance on one side, and the need to protect users from increasingly targeted threats on the other. How platforms and regulators respond next may shape trust in this layer of the crypto ecosystem for years to come.

READ MORE: DeFi’s Privacy Crisis: How COTI Could Be the Answer to a $1 Billion Problem

Related Topics

#Hacking#French#Face Exposure Risk#Waltio Data Breach

About the Project

Crypto News

About the Author

Nahid

Nahid

Nahid is a contributor at CotiNews from Bangladesh, covering developments across the COTI ecosystem. His work focuses on breaking down complex updates, technical concepts, and ecosystem news into clear, accessible stories for a wider audience.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.