The cryptocurrency exchange and storage platform Bitso has been recognized for its focus on the security of its clients' funds. However, a data breach has recently been confirmed that could pose a significant risk to users by exposing their personal information and making them vulnerable to scams and phishing attacks.
According to Víctor Ruiz, founder of SILIKN and certified cybersecurity instructor, the recent fraudulent campaign detected may be directly related to a data breach that occurred in May 2023. Following the identification of this breach in February 2025, email addresses, full names, phone numbers, and postal codes of users on the platform were found among the leaked data.
Ruiz warned about the implications of this breach, explaining that cybercriminals could use this information to carry out highly personalized phishing campaigns or identity theft attempts. Furthermore, he alerted about the risk of the leaked data circulating on the dark web, where it could be sold and reused over time by various criminal groups, prolonging the danger for users.
In this context, Bitso has urged its users to take measures to strengthen the security of their accounts, such as enabling two-factor authentication, verifying the authenticity of links before entering credentials, and reporting any phishing attempts. The platform has also highlighted that its support team is available 24/7 to address any inquiries and will never request sensitive data through emails or social media.
Bitso issued an urgent warning about a detected fraud involving a fake raffle for a Tesla Cybertruck, where scammers use the leaked information to target potential victims through links that redirect to fake pages mimicking the original platform and requesting credentials from users.
This event highlights the importance of data security on platforms like Bitso, which is one of the leading cryptocurrency exchange platforms in Latin America, with millions of users in the region. The risks associated with a data breach include exposure to scams, phishing attacks, and potential identity theft, underscoring the need for users to stay alert and take proactive measures to protect their information and funds.
