Read more of this story at Slashdot.
French authorities have opened a preliminary investigation into a data breach at Waltio, a cryptocurrency tax reporting platform used by tens of thousands of investors.
This occurred when hackers reportedly got access to sensitive user information and tried to blackmail the company.
The event has brought up new issues regarding the exposure of personal data in the crypto industry, as target fraud and physical attacks against holders are becoming more and more frequent in France.
In a statement released this week, French cybersecurity institutions confirmed that, via its cybercrime division, the Paris Public Prosecutorβs Office had issued an order to the National Cyber Unit of the Gendarmerie to establish the extent of the breach and identify exposed users.
Officials advised that users whose information might have been stolen should be wary of scammers who claim to be genuine service providers or other officials and force them to give up their digital assets using the stolen information.
The law enforcement agencies reported that some more recent fraudsters posed as crypto businesses, bank anti-fraud units, or even law enforcement officers and magistrates.
French newspaper Le Parisien stated that the attack at Waltio was associated with a ransom demand by a hacking organization called Shiny Hunters.
The group purportedly had obtained personal information of approximately 50,000 Waltio users, most of whom reside in France, and said it had samples of the stolen information as proof.
Waltio later filed a complaint of attempted extortion and unauthorized access to the automated data system.
Waltio said its initial internal assessment showed that the attackers accessed tax reports for the 2024 period. These documents included usersβ email addresses, information on crypto profits or losses, and asset balances at the end of the year.
The company stated that banking details, administrative records, and tax identification data were not affected and that its core infrastructure was not compromised.
Waltio added that its services remain operational and that client funds are not at risk.
Waltio was founded in France and is headquartered in Clermont-Ferrand. It serves roughly 150,000 users and focuses on simplifying crypto tax compliance for European investors, particularly in France, Spain, and Belgium.
The platform aggregates transaction data from more than 700 exchanges, wallets, and blockchains to calculate capital gains, losses, and staking income, and generates tax-compliant reports for local filings.
The investigation comes amid heightened scrutiny of crypto-related data leaks in France.
In the last year, police have attributed a number of home invasions, kidnappings, and attempted kidnappings to the criminals who intended to use the knowledge of the victims having digital assets.
Although the leakage of data has not been directly linked to these crimes, the investigation teams have not eliminated the chances of the data being used to establish potential targets.
β Cryptonews.com (@cryptonews) January 9, 2026
Fraud victims have been cautioned to keep evidence, report to the police, and address the data protection authority in France in instances where they feel that their personal data has not been sufficiently safeguarded.
The Waltio incident is not the first case of data exposure in the crypto industry in the past.
Hardware wallet manufacturer Ledger announced earlier this month that a breach of a third-party payment processor, Global-e, took place, exposing the data of its customers.
Last month, crypto tax software developer Koinly also notified users of a potential email data breach related to the use of a third-party analytics platform.
The post French Crypto Tax Platform Waltio Hit by 50,000-User Data Breach appeared first on Cryptonews.
Ethereum cofounder Vitalik Buterin has outlined a personal shift away from Big Tech platforms, framing 2026 as a pivotal year for what he calls βcomputing self-sovereignty.β
This is a concept that extends beyond blockchain and into how individuals use everyday software, communication tools, and artificial intelligence.
2026 is the year we take back lost ground in computing self-sovereignty.
β vitalik.eth (@VitalikButerin) January 22, 2026
But this applies far beyond the blockchain world.
In 2025, I made two major changes to the software I use:
* Switched almost fully to https://t.co/caFP0K5fYF (open source encrypted decentralized docs)
*β¦
In a post shared on X, Buterin described a series of changes he has made across his devices to reduce reliance on centralized, data-intensive services.
He claimed that the process started in 2025 when he transferred nearly completely to the open-source and encrypted and decentralized document platform Fileverse, which is purported to be a privacy-focused alternative to Google Docs.
At roughly the same period, he reported having changed to Signal as his main messaging application, abandoning Telegram.
Signal supports end-to-end encryption on all conversations by default and only retains a little metadata, whereas Telegram encrypts messages only in optional so-called secret chats.
He further stated that it otherwise stores messages and metadata on its servers, a design that has attracted increased attention due to an increase in law enforcement requests in some jurisdictions.
β Cryptonews.com (@cryptonews) April 21, 2025
The changes made in 2026 included more extensive ones, which were due to those initial adjustments.
Buterin claimed to have substituted Google Maps with OpenStreetMap, with Organic Maps on mobile phones, citing the advantage of local and offline use that restricted the volume of location data sent to third parties.
He also left Gmail for Proton Mail, citing encrypted messaging as a more powerful tool to use for confidential communication.
Simultaneously, he claimed to have started giving priority to decentralized social media and still tests the idea of running large language models locally, as opposed to using cloud-based AI services.
The rationale of these decisions is not purity in ideology but practicality, as Buterin wrote.
According to him, it is not necessary to send big amounts of personal information to centralized services, as there are tools that can be used to minimize this exposure.
He admitted that local AI systems still have usability and integration issues, especially for translation, transcription, and document search, but noted that there has been a lot of improvement in the last year.
He explained a more ambitious long-term vision where local models are integrated with cryptographic schemes like zero-knowledge proofs, trusted execution environments, and local data filtering to restrict the information that ever leaves a userβs device.
The remarks made by Butterin come amidst the wider revival of interest in self-sovereign computing, which is a model that highlights the importance of individualized controls of data, identity, and computing resources.
The idea integrates identity systems based on decentralization, personal servers, and privacy-by-design software with the aim of minimizing reliance on platforms that are controlled by corporations.
Privacy activists, including Naomi Brockwell, have long held the position that the most consistent approach to ensuring autonomy is to run software and AI models in place.
The most private way to use AI is to host it locally, but you're limited by your own hardware. There are AI platforms that allow you to access more powerful models & also respect your privacy. Planning to update this video soon to include newcomers like https://t.co/ueOskOEx0g. pic.twitter.com/WlB6PUxlpA
β Naomi Brockwell priv/acc (@naomibrockwell) January 19, 2026
The time also stands out due to the re-evaluation of the strategic value of computing infrastructure by governments and corporations.
Analysts believe that 2026 will be the year of a change in the treatment of AI data centers, energy-backed compute and GPU capacity.
β Cryptonews.com (@cryptonews) January 13, 2026
With the demand of large-scale AI continuing to outpace its supply, compute and energy are becoming viewed as a source of geopolitical power.
In that environment, the appeal of local and decentralized computing models has grown, particularly as concerns mount over surveillance, data residency, and platform dependence.
The post Ethereum Founder Vitalik Buterin Ditches Big Tech: His 2026 βSelf-Sovereignβ Stack Reveals Surprising Changes appeared first on Cryptonews.
Samsung appears to have leaked a built-in privacy display for the Galaxy S26 Ultra, hinting at a hardware-based feature designed to block side-angle viewing.
The post Galaxy S26 Ultra Leak Reveals Samsungβs Built-In Privacy Screen Feature appeared first on TechRepublic.
Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures as both key parts of the evolving AI world and easy targets for threat actors.
The post Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks appeared first on Security Boulevard.
Samsung appears to have leaked a built-in privacy display for the Galaxy S26 Ultra, hinting at a hardware-based feature designed to block side-angle viewing.
The post Galaxy S26 Ultra Leak Reveals Samsungβs Built-In Privacy Screen Feature appeared first on TechRepublic.
The Supreme Courtβs review of United States v. Chatrie puts geofence warrants and mass digital data seizures under Fourth Amendment scrutiny, raising urgent questions about particularity, AI-driven searches, and constitutional limits in the digital age.
The post Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial Intelligence appeared first on Security Boulevard.
Websites that authenticate users through links and codes sent in text messages are imperiling the privacy of millions of people, leaving them vulnerable to scams, identity theft, and other crimes, recently published research has found.
The links are sent to people seeking a range of services, including those offering insurance quotes, job listings, and referrals for pet sitters and tutors. To eliminate the hassle of collecting usernames and passwordsβand for users to create and enter themβmany such services instead require users to provide a cell phone number when signing up for an account. The services then send authentication links or passcodes by SMS when the users want to log in.
A paper published last week has found more than 700 endpoints delivering such texts on behalf of more than 175 services that put user security and privacy at risk. One practice that jeopardizes users is the use of links that are easily enumerated, meaning scammers can guess them by simply modifying the security token, which usually appears at the right of a URL. By incrementing or randomly guessing the tokenβfor instance, by first changing 123 to 124 or ABC to ABD and so onβthe researchers were able to access accounts belonging to other users. From there, the researchers could view personal details, such as partially completed insurance applications.
Login