- \n
- Coinbase confirmed a user-data leak.<\/li>\n
- The operator of a major darknet drug market was sentenced to 30 years.<\/li>\n
- DeFi platform Step Finance lost $40m after a breach of treasury wallets.<\/li>\n
- Global Ledger: crypto scammers are giving victims ever less time to react.<\/li>\n<\/ul>\n<\/div>\n
Coinbase confirms user-data leak<\/h2>\n
Attackers accessed information belonging to 30 Coinbase customers, the exchange confirmed, according to BleepingComputer<\/a>.<\/p>\n
The statement followed soon after the Scattered Lapsus$ Hunters group posted, then deleted, screenshots in Telegram of Coinbase\u2019s internal support interface. The panel showed access to customer data\u2014email addresses, names, dates of birth, phone numbers, KYC<\/span> information, cryptocurrency wallet balances and transactions.<\/p>\n
The leak occurred in December 2025 and is unrelated to an earlier incident. It remains unclear whether the group was directly involved in the latest attack.<\/p>\n
Operator of a major darknet drug market gets 30 years<\/h2>\n
On February 3rd a court sentenced the alleged operator of the Incognito Market darknet drug platform, Rui-Xiang Lin, to 30 years in prison, the U.S. Department of Justice reported<\/a>.<\/p>\n
Prosecutors said the sentence closes one of the largest cases against illicit marketplaces since Silk Road<\/a>.<\/p>\n
Each listing on Incognito Market was posted by a specific seller. To become one, users had to register on the site and pay an entry fee. The platform charged a 5% commission on sales.<\/p>\n
Proceeds funded Incognito Market\u2019s operations, including server costs and staff incentives. Authorities say Lin\u2019s net profit exceeded $6m.<\/p>\n
To simplify finances, Incognito Market ran its own \u201cbank\u201d (Incognito Bank), allowing users to deposit crypto directly into site accounts. After a drug sale closed, funds moved from the buyer\u2019s account to the seller\u2019s address minus commission, preserving a degree of anonymity.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-03035c25ddcc6793-5616799626546013.webp\")
Source: U.S. Department of Justice.<\/figcaption><\/figure>\n Investigators identified the group through blockchain analysis and undercover buys, as well as Lin\u2019s basic cybersecurity blunders:<\/p>\n
- \n
- domain registration. Forensic analysts traced the marketplace domain to Lin because he used his real name, personal phone number and address;<\/li>\n
- biography. Lin studied<\/a> at National Taiwan University, then performed alternative civilian service in Saint Lucia. There he worked as a technical assistant and even taught local police methods to combat cybercrime and work with cryptocurrencies in his spare time.<\/li>\n<\/ul>\n
DeFi platform Step Finance loses $40m after treasury-wallet hack<\/h2>\n
On January 31st Step Finance disclosed<\/a> a security breach. External specialists helped the DeFi platform recover part of the stolen assets.<\/p>\n
Several treasury wallets were compromised via a \u201cwell-known attack vector\u201d, the team said. CertiK initially estimated losses at 261,854 SOL (about $28.9m at the time), but the figure rose to roughly $40m as the investigation progressed.<\/p>\n
\n
#CertiKInsight<\/a> \ud83d\udea8<\/p>\n
We have seen a security breach of @StepFinance_<\/a> treasury wallets.https:\/\/t.co\/Zi3tMKaTqE<\/a><\/p>\n
261,854 SOL (~$28.9M) has been withdrawn after stake authorization had been transferred tohttps:\/\/t.co\/o51kREYPHW<\/a> <\/p>\n
Stay Vigilant! pic.twitter.com\/GrxpyzI2Uv<\/a><\/p>\n
\u2014 CertiK Alert (@CertiKAlert) January 31, 2026<\/a><\/p><\/blockquote>\n