We are providing an update on steps taken by Crypto Tax Calculator (CTC) since becoming aware of a potential sophisticated phishing scam targeting our customers, which we identified as a result of a cyber incident against our third-party provider.
Since our last update, we have been working with a team of external experts to investigate. We have also notified Australian privacy regulators with the required details and the outcomes of our investigations.
Our investigation confirmed there was unauthorised access into CTC’s system. General information was exposed such as user IDs, email addresses and password hashes; and in some instances, chat logs, public blockchain wallet addresses, and cryptocurrency exchange names. Some internal administrative CTC information was also exposed.
This information does not allow access to or transfer of funds via your cryptocurrency exchanges or blockchain wallets. CTC only manages the record keeping obligations of its users, and funds cannot be accessed through our platform. Furthermore, CTC does not collect government-issued identity documents, nor will we ever ask users for private keys, write-access exchange API keys, or to sign a wallet transaction that could enable the transfer of funds.
The accessed information may increase the risk of exposure to a potential sophisticated phishing scam attempting to trick users into releasing further information.
At this stage, CTC has no information to suggest this has happened. CTC strongly recommends all users remain vigilant and adhere to the following security measures:
- While all CTC user passwords are secured with robust one-way encryption, we recommend that all users still adopt a best practice approach to the security of your passwords. This includes rotating your password on CTC and other platforms, and the utilisation of a password manager.
- Make sure you do not share private keys or write-access API keys with unknown third parties. As a reminder, CTC or affiliated sites will never ask you for private keys, write-access exchange API keys, or to sign a wallet transaction which allows for transfer of funds.
- Check all URLs to ensure it is the website that you are intending to visit.
- Remain vigilant and validate all communications from CTC. For any suspicious or unauthorised activity, report this to email@example.com and we will promptly review it.
In response to this incident CTC has taken steps to reinforce the integrity of our systems and no further illegal activity has been detected. The CTC platform remains safe, secure and accessible for its users.
CTC sincerely apologises to all users for any concern or inconvenience this may have caused.
We are committed to the highest standards of security and data integrity and encourage all users to remain vigilant and adhere to the steps outlined above to preserve data security.
The information provided on this website is general in nature and is not tax, accounting or legal advice. It has been prepared without taking into account your objectives, financial situation or needs. Before acting on this information, you should consider the appropriateness of the information having regard to your own objectives, financial situation and needs and seek professional advice. Cryptotaxcalculator disclaims all and any guarantees, undertakings and warranties, expressed or implied, and is not liable for any loss or damage whatsoever (including human or computer error, negligent or otherwise, or incidental or Consequential Loss or damage) arising out of, or in connection with, any use or reliance on the information or advice in this website. The user must accept sole responsibility associated with the use of the material on this site, irrespective of the purpose for which such use or results are applied. The information in this website is no substitute for specialist advice.