Security Breach Exposes TrueUSD User Data

On October 16, 2023, TrueUSD, the issuer of the stablecoin TUSD, announced that they had fallen victim to a security breach initiated by a third party. This breach led to the exposure of personal information of some of their customers.

The issuer of the TUSD stablecoin confirmed this breach and stated that both the TUSD system and TUSD reserves remained unaffected.

The compromised personal information included names, email addresses, phone numbers, customer addresses, birthdates, bank names, transaction histories, and even on-chain wallet addresses, particularly for customers who registered between 2018 and 2019.

According to an email notification, the cause of this incident is believed to be related to a security vulnerability within TrueCoin, the former management company of TrueFi (TRU). TrueCoin provided banking services, customer registration, and managed products related to TrueUSD until July 13, 2023.

The email notification also mentioned that, following the discovery of the breach, TrueCoin’s cybersecurity and technical teams conducted an investigation to assess the extent of the impact. They advised customers to closely monitor their personal accounts and report any suspicious activity promptly.

TUSD team was informed by TrueCoin that they received a third-party vendor’s notification that the vendor’s Security Team detected “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.”

— TrueUSD (@tusdio) October 16, 2023

TrueCoin informed TrueUSD on September 20, 2023, that they received a notice from a third-party provider about “an unusual change in TrueCoin’s account performed by a compromised support provider.” TrueCoin also stated that they had no records of the attacker downloading, altering, or deleting personal information from their systems.

TUSD is a stablecoin that has been favored by Binance, with continuous minting and the announcement of trading pairs with TUSD. This stands in contrast to CZ’s (Changpeng Zhao) former pet project, BUSD. Following a series of negative reports surrounding BUSD and its issuer, Paxos, BUSD ceased issuance and was continually burned. Meanwhile, Binance consistently released additional TUSD stablecoins into the market.