Waltio Files Complaint Over Extortion and Crypto Data Breach

Key Highlights

Waltio reported an attempted extortion tied to a data breach discovered on January 21.
The exposed data may include user emails and aggregated 2024 tax report figures, not funds or credentials.
The company has notified regulators and launched a full security review with external experts.

Waltio, a France-based crypto tax and portfolio tracking platform, said it filed a formal complaint after a cyberattack led to an attempted extortion. The incident, confirmed on Friday and detected on January 21, involved unauthorized access to limited company data during a sophisticated intrusion.

The breach may have potentially affected tens of thousands of users, though no funds or sensitive credentials were compromised. The company said the attack appears to be tied to previously generated 2024 tax reports and stressed that its core infrastructure remains secure and fully operational.

Ce vendredi matin, nous avons déposé plainte pour tentative d'extorsion et atteinte à un système de traitement automatisé de données.
Le 21 janvier 2026, nous avons été destinataire d’une tentative d’extorsion. Celle-ci semble faire suite à une attaque particulièrement…
— Waltio (@Get_Waltio) January 23, 2026

What data was accessed, and what wasn’t

According to Waltio, the compromised information may include user email addresses and aggregated figures from 2024 tax reports, such as gains, losses, and account balances as of December 31, 2024. For many users, the data was incomplete and limited to basic counters rather than full tax calculations.

In a blog post, Waltio emphasized that no sensitive credentials or asset-related information were exposed. Passwords, exchange API keys, wallet addresses, transaction histories, and banking details were not affected. The company also noted it does not store personal identity data beyond email addresses.

“Our investigations show that this is not an active intrusion into our current production infrastructure. Waltio services are operating normally; user accounts and the production infrastructure are secure. Initial internal investigations indicate that the causes of this intrusion have been resolved,” said Waltio CEO Pierre Morizot.

Alleged extortion and the “Shiny Hunters” link

Local media reported that the extortion attempt may be connected to Shiny Hunters, a group previously linked to high-profile data breaches. Sources cited by the outlet said the attackers demanded a ransom after alleging access to data tied to roughly 50,000 users, many of them based in France.

Waltio has not publicly confirmed the identity of the attackers but said it has filed a complaint for attempted extortion and illegal access to an automated data processing system.

While the breach does not expose funds, Waltio warned that the main risk now lies in targeted fraud attempts. Attackers could use contextual tax-related information to make phishing emails, calls, or messages appear more credible.

The company reminded users that it will never ask for transfers, sensitive information, or urgent actions via unsolicited messages. As a precaution, Waltio urged users to strengthen email security, enable two-factor authentication, and consider using a dedicated email address for crypto-related services.

Moreover, Waltio said it has notified France’s data protection authority, the CNIL, and is working with national cybercrime investigators. The firm has also engaged external cybersecurity specialists to conduct a full review of historical configurations and reinforce internal controls.